top | item 46298489

(no title)

mNovak | 2 months ago

While this example is explicitly asking for a port (thus a copy), I also find in general that LLM's default behavior is to spit out new code from their vast pre-trained encyclopedia, vs adding an import to some library that already serves that purpose.

I'm curious if this will implicitly drive a shift in the usage of packages / libraries broadly, and if others think this is a good or bad thing. Maybe it cuts down the surface of upstream supply-chain attacks?

discuss

MangoToupe|2 months ago

As a corollary, it might also increase the surface of upstream supply-chain attacks (patched or not)

The package import thing seems like a red herring

Retr0id|2 months ago

It's going to be fun if someone finds a security vulnerability in a commonly-emitted-by-LLMs code pattern. That'll be a lot harder to remediate than "Update dependency xyz"