Why TODOs rot — and how I built a tool to make them expire

Jobin — Thu, 15 Jan 2026 23:50:08 +0000

Every codebase I’ve worked on has the same graveyard.
It’s not in a folder.
It’s in the comments.

// TODO: remove later // FIXME: temporary hack // HACK: this is ugly

We write them with good intentions.
We tell ourselves we’ll come back.
We almost never do.
Six months later nobody remembers why that code exists, but now it’s part of production — and touching it feels dangerous.
That’s not laziness.
It’s how software systems work.

The real problem with TODOs

A TODO is a promise with no deadline.
Without a deadline:

It has no owner
It has no priority
It has no cost
So it quietly rots.

Teams don’t ignore tech debt because they don’t care — they ignore it because nothing forces it to surface.

I wanted TODOs to behave like real work

Bugs don’t get ignored because:

CI fails/warns
Tickets get created
People get paged

So I asked a simple question:
What if technical debt worked the same way?
That led me to build a small open-source CLI called DebtBomb.

How DebtBomb works

Instead of writing:

// TODO: remove later

You write:

// @debtbomb(expire=2026-02-10, owner=pricing, reason="temporary promo logic")

You’re saying:

“This code is allowed to exist — but only until this date.”

DebtBomb scans your code in CI.

When the expiry date passes:
The build fails/warns
A Jira ticket is created or updated
Your team is notified in Slack, Discord, or Microsoft Teams

The debt becomes:
visible, owned, and impossible to ignore.

Why this changes behavior

The magic isn’t in the parsing.
It’s in the pressure.

Once developers know that:

Expired debt blocks deploys
It shows up in Jira
It pings the team

They stop writing vague TODOs and start making real decisions:
“Do I actually need this?”
“Who owns it?”
“When will it be removed?”

Debt becomes a contract, not a hope.

It’s language-agnostic and stupidly simple

DebtBomb doesn’t understand your code.
It just reads comments.
That means it works with:

Go
TypeScript
Python
Rust
Java
Bash Anything with comments No ASTs. No compilers. Just text.

Teams are already using it in CI
DebtBomb now integrates with:

Jira
Slack
Discord
Microsoft Teams So expired debt doesn’t just fail silently — it shows up where your team already works. You can try it in 30 seconds

go install github.com/jobin-404/debtbomb/cmd/debtbomb@latest
debtbomb check

Repo:
github
I’d love your feedback

This started as a personal itch, but it turns out a lot of people hate how TODOs rot.
If you’ve dealt with technical debt in production systems, I’d love to hear: