It's 1 million LoC they merged in a week. And that's only the final state. It's going to be much, much more if you include changes in individual commits. 6,755 commits were pushed to the PR branch, including dozens that were made shortly before the branch was merged to main. There's not a chance that anyone has read the code in any significant portion, or even in the future, because people who review code don't merge to main before they do so.
> There's not a chance that anyone has read the code in any significant portion
Sure, but that wasn't really the question, the question was why it's obvious no-one or no-thing have closely reviewed the code? Given they use LLMs to produce the code, wouldn't surprise me if they used LLMs to review it too, and I don't see it as unfeasible to be able to review a lot of code on a lot shorter timeframe.
It's not like they're doing something unique or novel, they even had an implementation in another language they knew did the right thing, so all the review would have to do, would be to make sure it's the same in the new language.
Don't get me wrong, again, probably there is plenty of mistakes in there, and might catch on fire when run in the wrong way, but I still don't think it's obvious how they've done things, unless you have insights into their process which seems clear to me now that you don't.
> They obviously haven't closely reviewed the code. That's the point
You asked why.
If Bun’s maintainers truly reviewed it, they would've had to read at least 6k lines per hour for a full week without a break. No one can claim in good faith that could possibly have happened.
Bun is now a black box consisting of million lines of largely unread code. No amount of "you don't know the whole story" lawyering or endless demands for "proof" of the obvious will change that.
The scope of the issue goes far deeper than "there might be some mistakes." Because what happened with the rewrite isn't engineering. Engineering applies the scientific method and rigorous verification to real world problems. It surely isn't about trusting a digital genie's "guarantees" that "all is fine." All aspects of LLM output is undefined behavior, and Bun blindly accepted million lines of code generated from it.
Before anyone brings it up again, tests aren't a sufficient defense. They only catch a tiny subset of the infinite possible failures. Modern software development still depends on developers understanding the code they produce.