DEV Community

Cover image for Why TODOs rot — and how I built a tool to make them expire
Jobin
Jobin

Posted on

Why TODOs rot — and how I built a tool to make them expire

#opensource #devops #programming #devtools

Every codebase I’ve worked on has the same graveyard.
It’s not in a folder.
It’s in the comments.

// TODO: remove later
// FIXME: temporary hack
// HACK: this is ugly

We write them with good intentions.
We tell ourselves we’ll come back.
We almost never do.
Six months later nobody remembers why that code exists, but now it’s part of production — and touching it feels dangerous.
That’s not laziness.
It’s how software systems work.

The real problem with TODOs

A TODO is a promise with no deadline.
Without a deadline:

  • It has no owner
  • It has no priority
  • It has no cost
  • So it quietly rots.

Teams don’t ignore tech debt because they don’t care — they ignore it because nothing forces it to surface.

I wanted TODOs to behave like real work

Bugs don’t get ignored because:

  • CI fails/warns
  • Tickets get created
  • People get paged

So I asked a simple question:
What if technical debt worked the same way?
That led me to build a small open-source CLI called DebtBomb.

How DebtBomb works

Instead of writing:

// TODO: remove later

You write:

// @debtbomb(expire=2026-02-10, owner=pricing, reason="temporary promo logic")

You’re saying:

“This code is allowed to exist — but only until this date.”

DebtBomb scans your code in CI.

  • When the expiry date passes:
  • The build fails/warns
  • A Jira ticket is created or updated
  • Your team is notified in Slack, Discord, or Microsoft Teams

The debt becomes:
visible, owned, and impossible to ignore.

Why this changes behavior

The magic isn’t in the parsing.
It’s in the pressure.

Once developers know that:

  • Expired debt blocks deploys
  • It shows up in Jira
  • It pings the team

They stop writing vague TODOs and start making real decisions:
“Do I actually need this?”
“Who owns it?”
“When will it be removed?”

Debt becomes a contract, not a hope.

It’s language-agnostic and stupidly simple

DebtBomb doesn’t understand your code.
It just reads comments.
That means it works with:

  1. Go
  2. TypeScript
  3. Python
  4. Rust
  5. Java
  6. Bash Anything with comments No ASTs. No compilers. Just text.

Teams are already using it in CI
DebtBomb now integrates with:

  1. Jira
  2. Slack
  3. Discord
  4. Microsoft Teams So expired debt doesn’t just fail silently — it shows up where your team already works. You can try it in 30 seconds

go install github.com/jobin-404/debtbomb/cmd/debtbomb@latest
debtbomb check

Repo:
github
I’d love your feedback

This started as a personal itch, but it turns out a lot of people hate how TODOs rot.
If you’ve dealt with technical debt in production systems, I’d love to hear:

How do you track “temporary” code today?
What would make a tool like this actually usable in your tea

Top comments (0)