{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiejnvngqxru3m72vqqy5vbgvgocks642kulegub2e4tf7roaejxzu",
    "uri": "at://did:plc:pi6woz4d47bkuws673w2il2r/app.bsky.feed.post/3mjafdiz5rca2"
  },
  "path": "/t/how-to-filter-out-vibe-coded-dependencies/13918#post_13",
  "publishedAt": "2026-04-11T17:14:22.000Z",
  "site": "https://discourse.haskell.org",
  "textContent": "arybczak:\n\n> Exactly. What’s the difference between a package that was badly coded by an LLM and a package that was badly coded by a human? I don’t see any.\n\nWe could start with copyright infringement.\n\nBut I think that’s not really the point. There’s something deeply untrustworthy about it. Not just about the nature of LLMs, but also the companies behind it.\n\nA swarm of vibe coders who have never coded anything real in their entire lives are suddenly let loose onto the world and the open source ecosystem. I’m not sure how you can say “but there are bad software engineers too” and brush that problem off as non-existent.\n\nI think open source ecosystems indeed are going to be faced with the problem of how to protect themselves from slop-generated garbage. It’s not the occasional dude who’s uploading university exercises to Hackage. And for that, I already have a personal blacklist anyway. I just want one for all vibe-coded projects, regardless of their authors.",
  "title": "How to filter out vibe-coded dependencies"
}