I build apps with AI, then hunt the security holes it leaves behind. Mostly Supabase + Next.js. Sharing what I find -- and happy to scan yours for the same, free. DM open.
What I keep rereading: the decision happened before the engineer realized there was a decision to make. There's a security edge to that you didn't quite step into. The same confident, skim-and-accept handoff is where a supply-chain attack lives. When the agent names a package with identical authority whether it's the market consensus or its own idiosyncratic pick, that authority is what disarms the one check that would catch a typosquatted or hallucinated lookalike -- looks reasonable, click, installed. That 97% within-model confidence is doing real work here: it's what stands between a plausible package name and your lockfile. And the second-model opinion you suggest helps with regret but not with this. Two models agreeing a package is good says nothing about whether the package is real or unhijacked, because consensus isn't provenance -- they can share the same training-era blind spot and both name something a squatter has since registered. Different gap, same root as yours: the recommendation arrives with a confidence the supply chain underneath it never earned.
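The check the comment says gets skipped can be made mechanical. This is an added example, not part of the original comment: it compares an agent-suggested npm name against the names already pinned in a lockfile and flags near-misses. The lockfile contents, the suggested names, and the `vetSuggestion` helper are all constructed for illustration.

```javascript
// Added example. LOCK is a constructed stand-in for a parsed package-lock.json;
// the versions are placeholders, not real releases.
const LOCK = {
  packages: {
    "": { name: "demo-app" },
    "node_modules/next": { version: "0.0.0-sample" },
    "node_modules/react": { version: "0.0.0-sample" },
    "node_modules/@supabase/supabase-js": { version: "0.0.0-sample" },
  },
};

// Names already pinned in the lockfile, read from its "node_modules/<name>" keys.
function lockedNames(lock) {
  const marker = "node_modules/";
  return Object.keys(lock.packages)
    .filter((k) => k.includes(marker))
    .map((k) => k.slice(k.lastIndexOf(marker) + marker.length));
}

// Fold case and separators so "@scope/a-b" and "scope.a_b" compare equal.
const fold = (name) => name.toLowerCase().replace(/[^a-z0-9]/g, "");

// Levenshtein distance, single-row version.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const prev = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + cost);
      diag = prev;
    }
  }
  return row[b.length];
}

// Verdict for a name an agent proposed. No branch returns "safe": a name that is
// neither pinned nor a lookalike still needs a human provenance check.
function vetSuggestion(name, lock = LOCK) {
  const known = lockedNames(lock);
  if (known.includes(name)) return { verdict: "locked", near: null };
  for (const k of known) {
    const limit = Math.min(2, Math.floor(fold(k).length / 4));
    if (editDistance(fold(name), fold(k)) <= limit) return { verdict: "lookalike", near: k };
  }
  return { verdict: "unreviewed", near: null };
}
```

A `lookalike` verdict only means the name sits within a small edit distance of a pinned dependency, so legitimate near-neighbours will also be flagged for review.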