Most of my pip installs come from Claude Code suggesting them now and me just hitting enter. Model was trained months ago, so it has no clue what got compromised this week. We built the worst possible filter for "is this package safe right now".
Stop blaming the LLM for your laziness and lack of due diligence.
Indeed, I also use LLMs to suggest dependencies but:
- I ask the LLM for multiple options
- I tell it what I need and what I don't need
- I then look at the packages it has suggested. Sometimes LLMs suggest unmaintained packages with 5 downloads a month just because they came at the top of a web search.
- if it's not a very well-known project, I look at the code; I've received vibe-coded dependency suggestions before that don't even function
LLMs are useful resources for "getting the pulse of the ecosystem", but just pressing enter is crazy.
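A quick staleness check along the lines above can be a one-liner against PyPI's JSON metadata. A minimal sketch (the function name is mine, and the network fetch of `https://pypi.org/pypi/<name>/json` is omitted to keep it self-contained; the timestamps mirror PyPI's `upload_time_iso_8601` field):

```python
# Given upload timestamps from PyPI's JSON metadata, how long since the
# last release? Years of silence is a hint to read the code first.
from datetime import datetime, timezone

def days_since_last_release(upload_times):
    """upload_times: ISO-8601 strings like PyPI's upload_time_iso_8601."""
    latest = max(datetime.fromisoformat(t.replace("Z", "+00:00"))
                 for t in upload_times)
    return (datetime.now(timezone.utc) - latest).days

# A package whose last upload was in 2019 is long-abandoned by now:
print(days_since_last_release(["2019-03-01T12:00:00Z"]) > 2 * 365)
```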
exactly
What filter?
You say you rely on CC to suggest software to install from the internet, and then you install it.
I haven't heard anyone suggest CC or any LLM as a "filter" for "is this package safe right now", and it seems like a very bad heuristic to me, not least for the reason you gave.
Well, people weren't checking CVEs before running pip install even before CC; CC just scaled the habit to a larger audience at a faster cadence. The blast radius for zero-day compromises is what changed.
How has the blast radius changed though? The vibecoders that weren't developers before? If someone switched from pip installing themselves to having Claude do it, I don't see how that increased the blast radius.
This is easily circumvented by not pressing Enter.
Stale training data is part of it. But even a current model can't tell what setup.py is going to run on your box. Nothing actually inspects the package before it executes. You'd want something that pulls the metadata and checks what hooks are in there before anything runs.
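To make that concrete: a sdist install runs setup.py (or a PEP 517 build backend) on your machine, while a wheel is just unpacked. A toy sketch of the pre-install check, with the function name mine and the JSON shape mirroring the `urls` field of `https://pypi.org/pypi/<name>/json` (network fetch omitted to keep it self-contained):

```python
# Flag releases that would execute package code at install time:
# sdists run setup.py / a build backend; wheels are just unpacked.

def runs_code_on_install(release_files):
    """release_files: list of dicts like PyPI's per-release "urls" entries.
    Returns True if pip would have to build from an sdist."""
    has_wheel = any(f["packagetype"] == "bdist_wheel" for f in release_files)
    has_sdist = any(f["packagetype"] == "sdist" for f in release_files)
    # If a compatible wheel exists, pip prefers it and no package code
    # runs at install time; an sdist-only release forces a build step.
    return has_sdist and not has_wheel

sdist_only = [{"filename": "somepkg-1.0.tar.gz", "packagetype": "sdist"}]
print(runs_code_on_install(sdist_only))  # True
```

This only tells you *whether* code runs at install, not what it does, which is where tools like the one below come in.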
Built Packj [1] to do exactly this.
1. Packj (https://github.com/ossillate-inc/packj) detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of a shell, use of SSH keys, network communication, use of decode+eval, etc.). It also checks several metadata attributes to detect bad actors (e.g., typosquatting).
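For a flavor of what the "decode+eval" indicator means, here's a toy static check using Python's ast module. This is NOT Packj's actual implementation, just my illustration of the idea: flag eval()/exec() calls whose argument involves a base64 decode.

```python
import ast

SUSPICIOUS_CALLS = {"eval", "exec"}
DECODERS = {"b64decode", "b32decode", "b16decode"}

def flags_decode_eval(source):
    """Return True if the source contains eval(...)/exec(...) applied
    to something that calls a base64-family decoder."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)
                and node.func.id in SUSPICIOUS_CALLS):
            # Does any sub-node of the eval/exec call invoke a decoder?
            for sub in ast.walk(node):
                if (isinstance(sub, ast.Call)
                        and isinstance(sub.func, ast.Attribute)
                        and sub.func.attr in DECODERS):
                    return True
    return False

malicious = "import base64\neval(base64.b64decode('cHJpbnQoMSk='))"
benign = "print('hello')"
print(flags_decode_eval(malicious), flags_decode_eval(benign))  # True False
```

Real scanners obviously go much further (aliased imports, string obfuscation, dynamic behavior), which is why the static analysis is paired with dynamic tracing.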
By "the worst possible filter" do you mean "hitting enter when claude tells you to"?
"Sandbox this project before you make no mistakes."