swynx | 12 days ago
The honest answer is most people aren't catching it. The code works, the tests pass, and nobody reviews what the LLM left behind. You end up shipping unreachable functions, duplicate logic, and unused imports that sit there unreviewed and unpatched.
Dead code isn't just technical debt - MITRE catalogued it as CWE-561, a security weakness. A duplicated goto fail; once bypassed SSL on 500M+ Apple devices. It's a hidden attack surface that never gets looked at.
If you're vibe-coding regularly, I'd treat every LLM output like a junior dev's PR. Assume it works, assume it's not optimal, and run static analysis as a baseline. For dead code specifically, check out my tool at swynx.io - plenty of free options.
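The goto fail bug the comment refers to (Apple's 2014 SecureTransport bug, CVE-2014-1266) is worth seeing in code, because it shows how dead code turns directly into a security bypass: one duplicated line made the signature check unreachable, so the function returned the success code left over from the last hash step. The block below is an added example, not the commenter's code and not Apple's: the hash context, hash_update, raw_verify and toy_sign are constructed stand-ins for SSLHashSHA1 and sslRawVerify, and the input bytes are made up.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy hash context standing in for SecureTransport's SSLHashSHA1
 * (constructed for this example; not a real hash, not Apple's code). */
typedef struct { uint32_t h; } toy_hash_ctx;

static int hash_update(toy_hash_ctx *ctx, const uint8_t *data, size_t len) {
    for (size_t i = 0; i < len; i++)
        ctx->h = ctx->h * 31u + data[i];
    return 0;                    /* 0 means success, as in the original API */
}

/* Stand-in for sslRawVerify: the "signature" is valid only if it equals the
 * running digest. Returns -1 (a toy errSSLCrypto) on mismatch. */
static int raw_verify(const toy_hash_ctx *ctx, uint32_t sig) {
    return ctx->h == sig ? 0 : -1;
}

/* Helper so callers can produce the one signature raw_verify accepts. */
uint32_t toy_sign(const uint8_t *params, size_t len) {
    toy_hash_ctx ctx = {0};
    hash_update(&ctx, params, len);
    return ctx.h;
}

/* The CVE-2014-1266 shape: one extra "goto fail;" makes every later check
 * dead code. err still holds the 0 from the successful hash_update, so the
 * function reports success without ever calling raw_verify. */
int verify_buggy(const uint8_t *params, size_t len, uint32_t sig) {
    toy_hash_ctx ctx = {0};
    int err;

    if ((err = hash_update(&ctx, params, len)) != 0)
        goto fail;
    goto fail;                   /* the duplicated line; in Apple's source it
                                    was indented under the if, which hid it */
    if ((err = raw_verify(&ctx, sig)) != 0)   /* unreachable: never runs */
        goto fail;

fail:
    return err;
}

/* Same function with the duplicate removed: raw_verify is reachable again. */
int verify_fixed(const uint8_t *params, size_t len, uint32_t sig) {
    toy_hash_ctx ctx = {0};
    int err;

    if ((err = hash_update(&ctx, params, len)) != 0)
        goto fail;
    if ((err = raw_verify(&ctx, sig)) != 0)
        goto fail;

fail:
    return err;
}

int main(void) {
    /* Constructed input: pretend these bytes are ServerKeyExchange params. */
    const uint8_t params[] = "constructed ServerKeyExchange params";
    size_t len = sizeof params - 1;
    uint32_t forged = toy_sign(params, len) ^ 0xFFFFFFFFu;   /* wrong on purpose */

    printf("buggy verifier accepts forged signature: %s\n",
           verify_buggy(params, len, forged) == 0 ? "yes" : "no");
    printf("fixed verifier accepts forged signature: %s\n",
           verify_fixed(params, len, forged) == 0 ? "yes" : "no");
    return 0;
}
```

Both versions compile cleanly with -Wall, which is the point: the tests pass for every valid handshake, and nothing fails until someone presents a forged signature. Clang's -Wunreachable-code does report the dead raw_verify call; gcc accepts the same flag but has not implemented it for years, which is one reason to run a dedicated dead-code or static-analysis pass rather than rely on compiler warnings alone.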