DEV Community

Discussion on: Coding Agents Play Favorites With Your Dependencies

Pon

What I keep rereading: the decision happened before the engineer realized there was a decision to make. There's a security edge to that you didn't quite step into. The same confident, skim-and-accept handoff is where a supply-chain attack lives. When the agent names a package with identical authority whether it's the market consensus or its own idiosyncratic pick, that authority is what disarms the one check that would catch a typosquatted or hallucinated lookalike -- looks reasonable, click, installed. That 97% within-model confidence is doing real work here: it's what stands between a plausible package name and your lockfile. And the second-model opinion you suggest helps with regret but not with this. Two models agreeing a package is good says nothing about whether the package is real or unhijacked, because consensus isn't provenance -- they can share the same training-era blind spot and both name something a squatter has since registered. Different gap, same root as yours: the recommendation arrives with a confidence the supply chain underneath it never earned.
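The "one check" this comment says confident phrasing disarms can be made mechanical before anything reaches the lockfile. The following is an added example, not code from the post, its author, or the article under discussion: it gates agent-proposed dependency names by asking two questions the agent's tone cannot answer, whether the name exists in a registry snapshot at all (a hallucinated package) and whether it is a near-miss of a widely used package (a typosquat candidate). The registry snapshot and the popular-package list are constructed stand-ins, not real registry data, and the distance threshold is an assumption.

```python
"""Pre-install gate for dependency names proposed by a coding agent.

Added example (not the post's or the article's own code). Two checks that
do not depend on how confidently a name was suggested:
  1. existence: is the normalized name in the registry snapshot?
  2. lookalike: is it within a small edit distance of a widely used name?
All package lists below are constructed stand-ins for illustration.
"""
import re
from dataclasses import dataclass

# Constructed stand-in for a registry snapshot: names that exist right now.
# Note that the snapshot deliberately contains a near-miss ("requets") so the
# lookalike path can be exercised; it is not a claim about any real package.
REGISTRY_SNAPSHOT = {"requests", "numpy", "pandas", "flask", "django", "urllib3", "requets"}

# Constructed list of widely used packages whose names squatters tend to imitate.
POPULAR = {"requests", "numpy", "pandas", "flask", "django", "urllib3"}

# Assumed threshold: edit distance 1-2 covers a dropped letter, a swapped pair,
# or a single substitution, which are the common typosquat shapes.
MAX_LOOKALIKE_DISTANCE = 2


@dataclass
class Verdict:
    name: str
    status: str   # "ok" | "missing" | "lookalike"
    detail: str


def normalize(name: str) -> str:
    """PEP 503 style normalization: lowercase, runs of -_. collapse to '-'.
    This closes the 'Requests' vs 'requests' vs 'requests_' gap."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) with a rolling row of cost."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_name(name: str,
               registry=REGISTRY_SNAPSHOT,
               popular=POPULAR,
               max_distance: int = MAX_LOOKALIKE_DISTANCE) -> Verdict:
    """Classify one proposed dependency name independent of who proposed it."""
    norm = normalize(name)
    popular_norm = {normalize(p) for p in popular}
    registry_norm = {normalize(r) for r in registry}

    if norm in popular_norm:
        return Verdict(name, "ok", "exact match for a widely used package")
    if norm not in registry_norm:
        # The agent named something the registry has never heard of.
        return Verdict(name, "missing", "not in registry snapshot; possibly hallucinated")
    for p in sorted(popular_norm):
        d = levenshtein(norm, p)
        if 0 < d <= max_distance:
            # Exists, but sits one or two keystrokes from a popular name.
            return Verdict(name, "lookalike", f"edit distance {d} from {p!r}")
    return Verdict(name, "ok", "exists and is not a near-miss of a tracked popular name")


def review_proposals(names):
    """Run the gate over every name an agent proposed; callers block on non-'ok'."""
    return [check_name(n) for n in names]


if __name__ == "__main__":
    # Constructed agent output: one real, one typo, one that does not exist.
    proposed = ["Requests", "requets", "pandas-extra-turbo"]
    for v in review_proposals(proposed):
        print(f"{v.name:20} {v.status:9} {v.detail}")
```

The gate flags, it does not decide: a legitimate package can sit within edit distance 2 of a popular one, so "lookalike" is a triage signal to be resolved by looking at the package's provenance (publisher, age, repository link), which is exactly the information two agreeing models cannot supply from training data alone.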