No LLM Code in Dependencies

Dev spends 100 hours purging AI-written code—and the comments instantly go feral

TLDR: A developer says he spent 100 hours trying to keep AI-written code out of his project’s building blocks, after finding some seriously sketchy examples. Commenters are split between calling it a necessary stand against low-quality machine output and saying it’s an impossible purity test that could blow up useful software.

A software maintainer behind git-annex says he spent about 100 hours digging through his project’s dependency chain to avoid code written by large language models, and the internet’s reaction was basically: this is either heroic, impossible, or both. His warning reads like a horror story for anyone who thought computer-made code was just a harmless shortcut: giant mystery edits, bizarre commit messages, and one case that allegedly got uncomfortably close to copied code. The big mood from readers? A mix of dread, exhaustion, and dark laughter.

The strongest reactions split fast. One side called it a totally reasonable response to “AI slop,” with commenters warning that open-source software—publicly shared software built by volunteers—could collapse under the sheer labor of policing what’s real, safe, and original. Another side thought the whole thing sounded like a dramatic overcorrection, arguing that one bad incident shouldn’t mean swearing off whole tools or communities. And then came the practical panic: one commenter clicked through, realized this standard might mean dropping newer versions of major tools, and basically said, if that’s the choice, someone will just fork the project.

Naturally, the jokes were immediate. The top wisecrack? “Maybe an LLM could be used to check for this :)” Which is exactly the kind of irony the comments section lives for: when the robots become both the scandal and the proposed solution.

Key Points

  • The git-annex maintainer says they spent about 100 hours over a month auditing dependencies for LLM-generated code.
  • The stated goal was to keep git-annex buildable without dependencies containing LLM-generated code, at least for now.
  • The audit reportedly uncovered large LLM-generated changes later reverted, an incoherent 1,489-line commit message tied to 10,000 lines of changes, and an LLM prompt to copy code from another project.
  • The author says the main positive outcome was gaining more information about dependency quality, which will affect future decisions.
  • The author says the issue is causing them to reconsider participation in some software freedom communities while continuing to support git-annex users.

Hottest takes

"Maybe an LLM could be used to check for this :)" — skybrian
"fair and normal reaction to AI slop" — botfriendsarent
"I think I'm going to just wait for someone to fork annex" — StableAlkyne