undefined | Better HN

0 pointsswordsith1mo ago0 comments

Nice reusable libraries are still a core part of most AI projects, but honestly I think it's not a terrible approach with all the updating dependency malware issues with stuff like NPM.

0 comments

2 comments · 1 top-level

swiftcoder1mo ago· 1 in thread

> I think it's not a terrible approach with all the updating dependency malware issues with stuff like NPM

I think in this instance, the only thing worse than a zero day in your dependency tree, is a zero day you don't know your LLM vendored directly into your codebase...

swordsithOP1mo ago

Personally I feel a vulnerability in local code (unshared ai slop) is much less likely to be exploited, than for say a npm package update that will pwn you as soon as it loads up.

j / k navigate · click thread line to collapse