[lucideer]

I really don't understand the HN comments here.

Lots of assumptions that the article is AI-authored (it could be but I'm not seeing overtly obvious signs - it's quite readable) & a lot of ungrounded assumptions that this is somehow related to Bitwarden integrating AI into their product.

I really thought reading comprehension among HN users was better than this.

[rvz]

There are worse things to mention about OneCLI as it looks like a completely vibe-coded mess, seeing that CLAUDE.md and Claude itself being one of the contributors [0]

Perhaps the most damning discovery is that they don't even do basic dependency pinning [1] [2] which just risks another supply chain attack.

As soon as I saw that, that was everything I needed to know about the project. No security audit whatsoever and Bitwarden believes this is something worth integrating.

[0] https://github.com/onecli/onecli/graphs/contributors

[1] https://github.com/onecli/onecli/blob/main/packages/ui/packa...

[2] https://github.com/onecli/onecli/blob/main/packages/db/packa...

[lucideer]

Having agents contribute to a tool designed for agentic coding is thoroughly unsurprising - if anything, your contributor link showing that 873 LoC were written by Claude, in a project with tens of thousands of lines contributed, seems to show far fewer agentic contributions than I would normally expect. It seems far from vibe coded looking at those stats alone.

The lack of package pinning is unfortunate but common enough that I'd simply open a ticket (& expect them to address it) rather than writing off the entire project.

The lack of a security audit for a project this young is also unsurprising & hardly notable.

[fridder]

Yeah, it seems like this is at minimum an "ok" thing. Honestly having a good way to do secrets management with agents seems like a good idea.