Tell HN: People putting AI-generated fake projects on GitHub

1 points brodo | 4 comments | 04 Nov 25 08:27 UTC | HN request time: 0.62s | source

I was recently looking for a QUIC library for Zig and found zquic¹. The readme tells me it's perfect, 'PRODUCTION READY! ' and ' Ultra-high performance'. It all reeks of AI, so I looked deeper into it. It depends on two libraries by the same author, one for crypto, one async runtime. So I checked out his other repos². This guy 'implemented' everything: a database, an RPC framework, a scripting language, an event loop (which is different from his async library), a compression library, I could go on. If you delve ;-) into the code, you'll see it's all non-working AI slob.

Is this only CV hacking or something more malicious I can't think of? Do we need a 'report this repo as fake' button on GitHub?

1: https://github.com/GhostKellz/zquic 2: https://github.com/GhostKellz?tab=repositories

1. artursp ◴[04 Nov 25 09:05 UTC] No.45808881[source]
This is a scary trend. I have seen quite a few repos with fully autogenerated code. Some sort of reporting would be required. On GitHub side one check that could expose such bad actors would be to monitor how much code is committed per time period (this particular guy did most of the code 2-3 months ago).
replies(1): >>45809009 #
2. denuoweb ◴[04 Nov 25 09:22 UTC] No.45808977[source]
If the project were hand-written rather than AI-generated yet still labeled “production-ready,” what would meaningfully change? I think most AI criticism is sloppy. Look at your post here: you spend most of your effort trying to call out his use of AI, but your ultimate issue, the one that caused you to post on HN, comes down only to the fact that the package says “production-ready.” Do you really hate AI so much that you will blame it for issues completely unrelated to AI?
3. denuoweb ◴[04 Nov 25 09:28 UTC] No.45809009[source]
You do realize that your idea of a "code committed per time period" check is not how Git works, right?