RE: https://namtao.com/@noboilerplate/116085772162424749
This is the single best thing you can do to make sure that the code you're using isn't full of crap.
@nikosdion Ironically, your black-and-white interpretation of what I said meets the same bar.
First off, this just warns you if a repo has commits from "Claude", which I suggest one would be wise to review before making use of the code. I never said the code was crap; I provided a mechanism for detecting when crap code might have gotten into a repo.
This is based on a report that 5% of a sample of FOSS projects that had commits from "Claude" all had very similar vulnerabilities. If Claude was the user submitting the patch, then it seems to me that it hasn't been reviewed or polished, it's just that someone submitted the statistically most probable code in response to a prompt without even looking at it.
To be clear, I did not say "never use AI to help write your code." Seriously, the only way to avoid small AI algorithms when writing code would be to hand-code assembler.
Now if your name was on the commit, I'd have a high degree of confidence in it, and I wouldn't care if you used Claude or any other LLM AI as part of the process of creating it, but that's because I know that you know what you're doing, especially when it comes to security and vulnerabilities. If someone I don't know made the commit, I'd treat it with the same level of caution, with or without the assistance of an AI.
@nikosdion Still it serves as a flag. When the "yo, you blocked a contributor to this repo" note comes up, I'd be inclined to look at the commits from Claude to determine if someone just "generated and committed" or if they used the tool appropriately. Not that people can't write crappy, vulnerable code without the assistance of an LLM...
What I did not say is "never use code with Claude as a contributor."
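The check the thread is about (warn when a repository has commits from "Claude") can be implemented against plain `git log` output, as below. This is an added illustration, not the tool the poster linked nor any project's code; the git format string, the trailer keys it scans, the sample log and every name and address in it are constructed for the example. It goes slightly beyond the thread by also catching "Claude" as a committer or in a Co-authored-by trailer, not only as the commit author, since review intent is the same in each case.

```python
import re
import subprocess
from dataclasses import dataclass

# Unit separator (0x1f) between fields and record separator (0x1e) between
# commits, so multi-line commit bodies parse unambiguously.
GIT_FORMAT = "%H%x1f%an <%ae>%x1f%cn <%ce>%x1f%B%x1e"

# Name to look for; widen the pattern if you care about other tools.
AI_PATTERN = re.compile(r"\bclaude\b", re.IGNORECASE)

# Trailer keys worth inspecting for a tool's name (assumed set, adjust to taste).
TRAILER_KEYS = {"co-authored-by", "signed-off-by", "generated-by"}


@dataclass
class Flag:
    commit: str   # abbreviated commit hash
    field: str    # "author", "committer", or the trailer key that matched
    value: str    # the identity string that matched


def parse_log(raw: str):
    """Yield (hash, author, committer, body) tuples from GIT_FORMAT output."""
    for record in raw.split("\x1e"):
        record = record.strip()
        if not record:
            continue
        parts = record.split("\x1f")
        if len(parts) != 4:
            continue  # malformed record; skip rather than guess
        yield tuple(parts)


def trailers(body: str):
    """Return (key, value) pairs for recognised git trailers in a commit body."""
    found = []
    for line in body.splitlines():
        m = re.match(r"^\s*([A-Za-z-]+):\s*(.+?)\s*$", line)
        if m and m.group(1).lower() in TRAILER_KEYS:
            found.append((m.group(1), m.group(2)))
    return found


def flag_ai_commits(raw: str, pattern=AI_PATTERN):
    """Return one Flag per author/committer/trailer identity matching pattern."""
    flags = []
    for commit, author, committer, body in parse_log(raw):
        for field, value in (("author", author), ("committer", committer)):
            if pattern.search(value):
                flags.append(Flag(commit[:12], field, value))
        for key, value in trailers(body):
            if pattern.search(value):
                flags.append(Flag(commit[:12], key, value))
    return flags


def scan_repo(path="."):
    """Run git log on a real checkout and flag it (not exercised offline)."""
    raw = subprocess.run(
        ["git", "-C", path, "log", f"--format={GIT_FORMAT}"],
        check=True, capture_output=True, text=True,
    ).stdout
    return flag_ai_commits(raw)


# Constructed sample log: three commits, the second authored by "Claude",
# the third human-authored but carrying a Co-authored-by trailer for it.
SAMPLE_LOG = (
    "a" * 40 + "\x1fAlice <alice@example.com>\x1fAlice <alice@example.com>"
    "\x1fFix parser\n\x1e"
    + "b" * 40 + "\x1fClaude <claude@example.com>\x1fBob <bob@example.com>"
    "\x1fAdd input handling\n\x1e"
    + "c" * 40 + "\x1fBob <bob@example.com>\x1fBob <bob@example.com>"
    "\x1fRefactor auth\n\nCo-authored-by: Claude <claude@example.com>\n\x1e"
)

if __name__ == "__main__":
    for f in flag_ai_commits(SAMPLE_LOG):
        print(f"{f.commit}  {f.field}: {f.value}  <- review before use")
```

A hit is a prompt to read those commits, not a verdict on them; the human-authored commit with a Co-authored-by trailer is exactly the "used the tool appropriately" case the thread distinguishes from "generated and committed", and the only way to tell them apart is to look.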