soraminazuki 15 hours ago

This shouldn't be flagged. This is a new type of spam that will have serious consequences for open source.

LLMs have made it possible to effortlessly produce plausible looking garbage at scale and open source maintainers will soon have to deal with a high volume of these PRs going forward.

Just look at how much spammers it attracted when Digital Ocean offered free T-shirts to open source contributors [1]. Now, imagine what will happen when job prospects are involved and anyone can mass produce plausible looking garbage PRs in one single click.

LLMs will accelerate maintainer burnouts in the open source world and there's no good solution for that right now.

[1]: https://news.ycombinator.com/item?id=24643894

  • aydyn 9 hours ago

    There is actually a really simple solution to this: auto reject PRs from people you dont know.

    If someone is new to the project, ask them to write an issue explaining the bug/feature and how they plan to address/implement it. Make them demonstrate a human understanding of the code first.

    This is not a purely technical problem but a social one too.

    • soraminazuki 8 hours ago

      Making people go through hoops will just discourage legitimate potential contributors and not stop AI slop. LLMs are good at generating legitimate sounding wall of text. Without actual code, it'll be harder to distinguish legitimate contributors from spammers.

      • phaistra an hour ago

        You could ask the submitter to show a quick video recording of the new feature being used. Or if its a bugfix, show the failure scenario and then the fixed non-buggy scenario. If they can't be bothered to show a basic before/after demo of whatever they are working on, then you probably don't want to work with them and accept their code changes anyway.

      • aydyn 2 hours ago

        People already go through hoops and live with it just fine. I don't claim to have the best solution but fundamentally its a social problem and therefore solvable. Perhaps some form of chain of trust.

bob1029 5 hours ago

This is a perfect example of a PR that makes GitHub's react client run like shit.

Click on the Files changed tab and start scrolling if you want to see for yourself. It wasn't always this way. There was a time when you could review PRs containing 500+ modified files without any jank.

fn-mote 17 hours ago

The discussion here is amusing to read, but this is obviously a submission to instant-reject. No need for waste your time reading the PR, and I’m sure the maintainer won’t.

This is like spam making the front page of HN. Why?

  • cloudbonsai 16 hours ago

    I actually checked the PR because I was curious if a cutting-edge AI can generate 128k lines of quality code. I mean, if that's true it's great!

    Here is what I noticed while reading the PR:

    - The PR has surpurisingly little meat. It contains 128k lines, but most of them are AI-generated documentation (86K lines, 68%). It also contains 9K lines of AI-generated tests (7%). So the actual code is just 32K lines (25%).

    - For what it's worth mentioning, the documentation is bad. It mostly feels like a copy-and-paste from someone's LLM session. You can check it out yourself: https://github.com/OpenCut-app/OpenCut/blob/b883256/docs/iss...

    - I have no deep understanding of OpenCut project, but the code seems buggy? I observe that it casually removes a few logics from the original code without any reason. So it's plausible that the PR is not only useless but harmful to merge.

    So my takeaway is that a latest commercial LLM is not getting there, at least yet.

    • potato3732842 4 hours ago

      >- The PR has surprisingly little meat. It contains 128k lines, but most of them are AI-generated documentation (86K lines, 68%). It also contains 9K lines of AI-generated tests (7%). So the actual code is just 32K lines (25%).

      When you hear about a huge PR or change this should be your default assumption regardless of whether AI or otherwise.

      Most huge PRs are only a few thousand lines of "serious logic" code. That code then spawns a bunch of duplication of logic, stuff like adding a dozen few thousand line handling routines to convert a dozen inputs into some single thing. Those then spawn several times their own line count in docs and tests and whatnot.

    • phendrenad2 11 hours ago

      Great, so now the old "add 30k lines of auto-generated selenium tests to a project and put it on your resume" has a new AI step that amplifies it to 130k lines.

  • brookst 17 hours ago

    It’s got something for everyone.

    1. Outrage is fun! 2. “This confirms my biases!” 3. It’s kind of a funny extreme of bad behavior we’ve all had to deal with

  • bbor 17 hours ago

    It's interesting and funny and indicative of a broader problem in open-source development, reaching not only technical projects but also stuff like Wikipedia. 90% of the reason I'm here is for the discussion, not literally for the links to news -- there's much better ways to curate news directly to my phone these days.

    Plus, again: it's just downright funny. It starts funny b/c he's clearly well-meaning ("I do not think this can be directly merged into the project"), and then you get to the part where there's 300+ commits (20 of which are just "Updated project files") and you just can't help but crack a little smile!

  • morkalork 17 hours ago

    It's novel spam? At least today it is, tomorrow probably not. 128k is impressive!

  • bwfan123 17 hours ago

    Because we need to celebrate BullShit at scale ! and celebrate the fearless data-scientists turned software engineers who aided by AI are setting PR records while we software engineers watch with envy and sarcasm.

bee_rider 17 hours ago

I wonder, based on the start of the thread:

> I do not think this can be directly merged into the project. I think it requires some manual reviewing if something (I mean some part of code) is useful for the project development.

It seems like maybe his idea was to make a bunch of code, and then see if the maintainers want to pluck anything out of it. This is, of course, not how things are done and not very helpful. Projects don’t need a bunch of AI generated brainstorming. But, I guess, at least it seems well-intentioned? Over-enthusiastic.

  • thih9 17 hours ago

    My guess is they wanted to share some ideas; as in: what features could be added and what would an example implementation look like. They have no interest in deeper discussions or in forking the project.

    To me a large PR with a disclaimer that it should not be merged seems a decent way of doing this and better than not sharing anything at all.

    But I see how this could get distracting if more people do this. I assume this is a one time thing. In future I would recommend creating some fork with a note that it is not going to be maintained.

    • bee_rider 17 hours ago

      It just seems overwhelming and, therefore, very unlikely to get any traction. But I guess we’ll see.

    • em3rgent0rdr 17 hours ago

      Better if the submitter opened a feature request clearly describing the feature. As part of such a request, they could provide some screenshots and maybe a link to their AI-slop generated code for anyone curious to demo as a proof-of-concept, but without burdening any human with having to look at the slop.

  • blitzar 10 hours ago

    Low signal, high noise. Why waste time looking for the needle in the haystack?

delecti 18 hours ago

The fact that this wasn't immediately rejected with a stern "GTFO" tells me the project maintainers have way more patience than me.

  • gpm 17 hours ago

    I don't see any evidence that a maintainer has responded? It looks like all the responses are by

    - Some bot the maintainers are using to do preliminary code review

    - Trolls saying "lgtm" and the like.

kelseyfrog 18 hours ago

> A .claude/settings.local.json

We'll at least it's easy to find the root cause of the problem :/

  • tyre 18 hours ago

    I don’t think that’s the root cause here. The submitter decided that a 128k line PR was a good thing.

    AI is a tool. The problem is software engineering best practices (small, reviewable, incremental self-contained PRs.)

    • rurban 10 hours ago

      No, he did not. He said it was bad thing. He presented a couple of new features for discussion, with a new electron target. He decided to split it up into individual PR's after positive feedback.

    • hsbauauvhabzb 18 hours ago

      The problem is I can automatically ban tabs if I don’t like them. I Can limit the number of characters per line with a script. I cannot prevent you from sending prs with AI slop, nor can I easily detect it

      • Aeolun 17 hours ago

        You can make a bot that auto rejects everything over 5k lines though

      • cr125rider 18 hours ago

        Ah if you can’t easily detect it, wouldn’t that mean it passes muster?

        • p1necone 17 hours ago

          Human beings make relatively predictable mistakes, to the extent that I can skim read large PRs with mental heuristics and work out whether the dev thought carefully about the problem when designing a solution, and whether they hit common pitfalls etc.

          AI code generation tends to pass a bunch of those heuristics while generating code that you can only identify as nonsense by completely understanding it, which takes a lot more time and effort. It can generate sensible variable and function names, concise functions, relatively decent documentation etc while misunderstanding the problem space in subtle ways that human beings very rarely do.

          • shadowgovt 17 hours ago

            Sounds like it raises the bar on verification requirements.

            ... In a world where someone almost compromised SSL via a detail-missed trust attack... Maybe that's okay?

        • handsclean 17 hours ago

          No. They’re not hard to detect because they’re good, they’re “hard” to detect because understanding code takes time, and you’re putting that work on the maintainer.

          I find it hard to believe that people who don’t intuit this have ever been on the receiving end. If I fill up your email inbox with LLM slop, would you consider that I’ve done you a favor because some of it’s helpful? Or would you care more about the time you’re wasting on the rest, and that it’d take longer to find the good bits than to make them yourself, and just block me?

        • 112233 13 hours ago

          That's like saying if you could not tell the person calling you was a scammer and lost money, then the call passes muster.

          As long as the person submitting PR has put in the effort to ensure it is of high quality, it should not matter what tool they used, right?

          Well, overwhelming majority vibies seem not to. Welcome to "block all chinese and russian IPs" era, open source AI edition.

      • johnisgood 11 hours ago

        It depends. Could you easily determine in this case that it was "AI slop"? I have used LLMs before for PRs, but not with having my brain turned off, and it got merged because it was legitimate, and I would have never sent the PR without doing my own careful review. I may be in the minority, who knows.

    • lokar 18 hours ago

      [flagged]

Ancalagon 18 hours ago

How much do we think was spent on claude code for this?

  • Arrowmaster 17 hours ago

    He's still going. Just saw a new commit using Claude to add .vscode to .gitignore and untrack the files. How much did it just cost to do something that can be done in two cli commands.

cadamsdotcom 18 hours ago

This is a fork.

We are going to have to learn some new etiquette with this new tech, but that’s always how it’s been.

  • dgfitz 17 hours ago

    I appreciate your point and your candor, however forking is not new tech. This 'etiquette' is not at all new.

mat_b 17 hours ago

The attitude of "I will do only the fun part. I'll create some barely workable code and expect others to fix it" existed long before AI code generation. Vibe coding is really enabling it to be taken to another level.

  • soraminazuki 15 hours ago

    > The attitude of "I will do only the fun part.

    It would've been better if the PR author actually had any fun thing they wanted to do. They didn't, hence the PR title "Try to help but need some help." This PR literally has no purpose.

a2128 17 hours ago

I had a pull request like this on my project somewhat recently, thousands of files changed, the author seemed unsure of what exactly they added, and names suggested use of AI tools.

I think it's a cool use case for AI, for non-programmers to be able to customize open source software for themselves with AI tools (just hope it doesn't introduce a data loss bug or security vulnerability...) But obviously these tools as of today will make an absolute mess over time without a lot of guidance, and being a non-programmer makes it impossible to give it that guidance. I guess it's fine if the only user is the non-programmer and they're never gonna maintain it themselves, but sometimes they assume some of the code somewhere will somehow be useful for the project and so they open a pull request like this without realizing the insanity they're doing

RGBCube 18 hours ago

Holy slop.

This does reflect my experience with Claude Code too. It just writes TOO MUCH damn code. It's never able to understand the tiny change that would make the software actually be better without guidance, and at that point I'd rather write it myself.

It's fine for gruntwork though.

  • Ancalagon 18 hours ago

    my experience as well - it would rather re-invent the wheel over and over

    • tough 18 hours ago

      their owners charge per token so...

      • kirb 17 hours ago

        On the Pro tier, it’s a fixed monthly price with fixed quota per 5 hour window.

        That said, every time I’ve tried it, it’s spent ages writing code that barely works, where it keeps writing over-engineered workarounds to obvious errors. Eventually, it gives up and decides broken is good enough, and returns to the prompt. So you still have a point…

  • blitzar 10 hours ago

    It was trained on the code the finest leet coders wrote. I do wish it would look at my existing code base and write more shit code like I write.

  • genewitch 44 minutes ago

    This isn't directed at you, but rather the general "A!", "No, A is no good. B!" thing that HN does. Lots of people swear by Claude Code on HN; nearly any post that could shoehorn an AI discussion has someone saying "But I just use Claude Code and it works fine!", with others saying that gemini is better if you pay, etc.

    The issue is, very few actually publish the AI code. I have, at least three times on HN. I don't pay for AI - well, i put $10 on deepseek to check it out and have spent less than a penny. I mostly use local or copilot. I've never used chatgpt to write code, nor claude, gemini, grok, or meta.

    So, the result is, this comes off as:

      "My football team is best because A,B,C!"
      "No, A & B aren't important, C,X,Y are, and my football team has those!"
      "So you agree C is important?"
    
    Anyhow, in support of my point, here's some of my AI output:

    https://news.ycombinator.com/item?id=44652138 I used copilot to add static, and fix the digits spoken to singular digits instead of groups, "7, 3, 4" instead of "seven hundred and thirty four." Done with copilot.exe; final version without pops, clicks, and crash at: https://github.com/genewitch/opensource/blob/master/numbers-...

    https://github.com/genewitch/opensource/blob/master/specific... and https://github.com/genewitch/opensource/blob/master/markov%3... to convert n-gate to json and then put the json into a markov chain. Done with copilot.exe

    https://github.com/genewitch/aider2048clone A local 70b LLM model oneshot with Aider (a tool to write codebases with AI); oneshot means i typed a prompt and then published the output, i didn't edit or change anything or re-prompt.

    and the oldest, and my favorite example so far; https://github.com/genewitch/emd A full react app stack - including the node.js 'server.js', done in copilot.exe over the course of ~20 hours. I didn't manually edit the code except for one tiny part where the only math in the code is, and i worked it out on a piece of paper with a pencil, then coded it in myself. i couldn't explain it well enough to copilot for it to produce the code i wanted. Luckily the nuts and bolts of jscript is easy enough, it's all the const and "{}" that i don't "get".

    I've linked all of these on HN before, usually in protest to someone else not linking their code and/or complaining that no one links their code.

    none of these were "thinking" mode.

  • koakuma-chan 18 hours ago

    Looks like it's mostly tests and AI specs.

    • azemetre 18 hours ago

      It all amounts to chargeable tokens in the end.

      • brookst 17 hours ago

        Conspiracy theories need to at least have a passing compatibility with reality. Anthropic loses money with more tokens used to solve the same problem.

        • azemetre 2 hours ago

          Is it really a conspiracy theory that these companies want to charge by throughput? What exactly is out of the realm of possibility when these companies literally charge by the token...

mgerdts 17 hours ago

Coderabbit’s estimate of review time is interesting:

Estimated code review effort

5 (Critical) | ~90 minutes

  • teaearlgraycold 9 hours ago

    Does anyone else feel like Coderabbit is mostly noise?

cadamsdotcom 18 hours ago

Also can we get rid of “Someone” in the headline?

It’s very clickbaity as the identity of the “Someone” is one of the first things you see by clicking the link.

  • Terr_ 17 hours ago

    It's not bait, so it can't be "clickbait."

    Nobody here is clicking out of a burning curiosity to resolve the PR-submitter's identity. We can reliably predict it'll be a random account that we've never seen before and will never recognize again.

    Analogy: It's like someone linked "A kitten doing somersaults." I don't care which kitten is involved, I'll click because I anticipate cuteness and amusing acrobatics. Replacing it with "Miss Mittens (a kitten) doing somersaults" is unnecessary.

  • Larrikin 18 hours ago

    There is zero information gained by actually naming the person in the title. They are just a random contributor out of all the contributors on GitHub

  • kevingadd 18 hours ago

    Is their name particularly relevant to the headline? If anything it feels like it might be beneficial to emphasize that it's not about the who here, but instead the what.

  • ranger_danger 18 hours ago

    What would you prefer? Naming someone that nobody knows?

5pl1n73r 17 hours ago

That begs the question: how big of a codebase can these tools generate that works?

(loop unrolling doesn't count)

  • fourthark 12 hours ago

    Like anyone, it can always keep adding new code that “works”. The problem is that it’s causing other code not to work at the same time, and it doesn’t see that.

  • em3rgent0rdr 17 hours ago

    More important than code that works now is code that can be reviewed and maintained so it will continue to work in the future. AI-slop, even moderately-sized, might pass the test cases and seem to work, but it is doubtful it will continue to work in the future, particularly if a code base continues to accept more slop.

pengaru 16 hours ago

I always looked forward to the day spammers would invade my free software projects with mountains of generated "contributions"

dollylambda 18 hours ago

The title on this PR "Try to help but need some help" LMAO

bwfan123 17 hours ago

wow, BS at scale. Love the LGTMs and the ship its. A few of these merged PRs and the project gets into the shitter.

meta/amazon manager be like - productivity through the roof.

andrewmcwatters 18 hours ago

This is egregious, but I’ve straight up had coworkers pull this sort of clown work in actual workplaces.

  • relaxing 18 hours ago

    Your coworkers did not push 128 klocs in one PR.

    • rurban 10 hours ago

      My coworker did push a 1M kloc ai-generated PR once. Over 1K files. It was a fine C++ refactoring. The reviewers had fun, and it was presented in the sprint review as proper usage of the new AI tools.

      When we added pre-commit we also had those huge automatic whitespace and style refactorings once in a while over hundreds of repos. No problem at all

      • rester324 6 hours ago

        Proof needed, otherwise it didn't happen. And I secretly hope that this is some kind of low quality satire

stephenlf 18 hours ago

Initial reaction—haven’t read through the code yet, but I expect to see 100% AI slop. Also, I love the comments saying LGTM

———

Quickly glancing through the code. 20 commits with the message, “Update documentation and project organization.”

cocodill 18 hours ago

kill it with fire before it lays eggs

  • andrekandre 17 hours ago

    more like nuke it from orbit (its the only way to be sure)

shadowgovt 17 hours ago

I mean... At the end of the day, this is easy to handle.

Reject: please break into digestible features, probably no more than 1500 lines each. Our team is responsible for hand-verifying all changes and this cannot be hand-verified practically.

... And if they disagree they can fork.

  • soraminazuki 15 hours ago

    If it's an isolated case and not anything more sophisticated, maybe. When people inevitably start mass-spamming open source projects to make their Github contribution graphs greener, this will be a serious problem that will accelerate maintainer burnouts.

    This became a problem when free T-shirts were involved [1]. Now imagine what will happen when job prospects come into the picture.

    [1]: https://news.ycombinator.com/item?id=24643894

    • shadowgovt 13 hours ago

      > When people inevitably start mass-spamming open source projects to make their Github contribution graphs greener

      How does GitHub handle that right now? What's to stop an individual account from just dropping line-noise PRs onto projects (i.e. random-bytestring files that couldn't possibly be correct)?

      Seems like whatever the social network (and, to be clear, GitHub is a social network) uses to police trolls right now could be applied to AI-spam. This is a problem every social network has to solve eventually; surely GitHub hasn't gone this long with no solution at all?

      • soraminazuki 6 hours ago

        Yes, now other online platforms have to deal with LLM spam as well. That doesn't really mean we have a solution for that.

        Social media hasn't been able to keep up with spam even before LLMs became this big. With LLMs, mass-generating legitimate sounding spam became cheap and effortless.

        • shadowgovt 3 hours ago

          I suspect the solution will look something like "If you make too many PRs that don't get accepted, it flags your account for manual review... Or just preemptively cuts the account's authority to propose PRs to other people's projects pending appeal." As far as I'm aware, nobody's really drowning at Meta or Reddit regarding LLMs; they've been dealing with low-quality human-generated content at volume for decades. Perhaps this is just a new challenge for GitHub specifically?

maxbond 17 hours ago

I don't think we should be dunking on someone for saying, "I have no idea what I'm doing and I need help." This isn't hubris. They didn't think that this 100k line change would be accepted. They were just asking for guidance.

I don't think this belongs on HN.

  • soraminazuki 8 hours ago

    This PR has no purpose whatsoever that benefits the project. No open source maintainer should have to put up being spammed with 128k line AI slop made without any concrete purpose. It's mind blowing that AI zealots are now demanding people to be supportive of such spam with an air of moral superiority. Won't somebody please think of the spammers!

    If someone wants that green Github contribution graph, they should at least take the time and effort to learn software engineering. They shouldn't steal open source maintainers' time with AI slop and expect them to clean it up. It's beyond offensive. It's telling the maintainers that is what their projects are worth.

    • maxbond 8 hours ago

      To me they look like someone earnestly asking for help, but in the wrong forum. Closing the PR would make sense to me, but I don't think there's any purpose to making this person a main character. I've spent a lot of time in online programming communities, so people asking for help in awkward ways, perhaps inappropriately or with an element of entitlement, that's just Tuesday from my perspective.

      I'm not an AI zealot, as it happens. I've made a lot of comments on here critical of AI. I just don't think HN is a place to gawk at random people's faux pas of GitHub etiquette.

      • soraminazuki 8 hours ago

        My bad for assuming that you were an AI zealot. But I do want to stress that this issue isn't just about a single person. It's much bigger than that.

        As I mentioned in my other comments, there were an influx of spammers directed at open source projects when Digital Ocean offered free T-shirts for open source contributions. With LLMs being able to mass-produce plausible looking garbage PRs, spammers looking for job prospects will flood the open source community, burning out maintainers in the process.

        This issue needs to be discussed for the survival of open source.

        • maxbond 8 hours ago

          > My bad for assuming that you were an AI zealot.

          Thank you for the acknowledgement, that's rarer than it should be and I appreciate it.

          I'm sure there's an issue with low quality PRs to open source projects, and that LLMs are making it worse, but I think the Twitter style of discourse where we identify some random person who said something ill advised and lay into them is just scapegoating. I don't think it's going to help open source maintainers deal with bad PRs or help prospective contributors understand how to make a PR (or when not to make one).

  • rgoulter 9 hours ago

    The PR author seems clueless.

    But, it's at least a little remarkable that the cluelessness was able to then pester someone in an unusual way.