[allenz_cheung]

Hi HN, I'm working on CodeProt. We recently wrote about how we use static analysis (AST and data-flow) to catch performance killers like Zip Bombs and architectural bottlenecks (e.g., full DB reloads) early in the review process.

We found that performance isn't just about speed—it's about availability. A single unconstrained extraction or a bad architectural pattern can bring down a system just as effectively as a DDoS.

Curious to hear how others are automating these kinds of architectural checks.

[bediger4000]

Do you want spammers and scrapers to triumph!?! A zip bomb is a good way for the righteous to let it be known that unclean scrapers should stay away.

[tliltocatl]

It's not like they are not going to figure it out themselves eventually. Use inverse slow loris instead. Yes, these are harder to deploy, but much more robust.

[theamk]

Yes, they do. Remember, OP is build AI-powered review tools. Their technology won't exist without scrapers.