by bennyg 277 days ago
Sounds like the job for an LLM tool to extract what's actually used from appropriately-licensed OSS modules and paste directly into codebases.

Requiring you to audit both security and robustness on the LLM-generated code.

Creating two problems, where there was one.

I didn't say generate :) - in all seriousness, I think you could reasonably have it copy the code for e.g. lodash.merge() and paste it into your codebase without the headaches you're describing. IMO, this method would be practical for a majority of npm deps in prod code. There are some I'd want to rely on the lib (and its maintenance over time), but also... a sort function is a sort function.
LLMs don't copy and paste. They ingest and generate. The output will always be a generated something.
You can give an LLM access to tools that it can invoke to actually copy and paste.
In 2022, sure. But not today. Even something as simple as generating and running a `git clone && cp xyz` command will create code not directly generated by the LLM.
In what way do you think this rebuts the message you responded to?
LLMs can do the audits now.
Do you have any evidence it wouldn't just make up code?
This is already a thing, compiled languages have been doing this for decades. This is just C++ templates with extra steps.