Been building a linter specifically for AI-generated code. Ran it against GitHub repos that say they were built with AI tools. Not to shame anyone, just wanted to see if there's a pattern.
There is.
A trading bot on Binance had hardcoded API key fallbacks and multiple innerHTML XSS vulnerabilities in the dashboard. A Supabase app had tables with zero Row Level Security, anyone with the project URL could read/write everything. A lofi streaming app imported 5 npm packages that aren't in package.json. Hallucinated deps, app can't start. A 1000+ star macOS clone had 476 exported functions that nothing ever calls.
6 out of 7 had empty catch blocks all over the place. AI wraps stuff in try/catch but the catch block is just {}. Silent failures everywhere.
Average scores were actually around 90/100 though. Not a quantity problem, it's a severity problem. One missing RLS policy wrecks you harder than 50 unused exports.
npx prodlint if you want to try it on your own stuff. Free, ~100ms, 52 rules.
What AI-generated bugs have you shipped without realizing?
So the linter is a project on GitHub? You should share it (or you’re building it as a future paid service)?
Should've linked it. https://github.com/prodlint/prodlint
MIT licensed, zero config. Just npx prodlint in any JS/TS project.