Hacker News

jameslk today at 12:40 AM

Malicious libraries will drive more code to be written by LLMs. Currently, malicious libraries seem to be typically trivial libraries. A WhatsApp API library is just on the edge of something that can be vibe coded, and avoiding getting pwned may be a good enough tipping point to embrace NIH syndrome more and more, which I think would be a net negative for F/OSS.

The incentives are aligned with the AI model companies, which benefit from using more tokens to code something from scratch.

Security issues will simply move to LLM-related security holes.


Replies

Kwpolska today at 7:40 AM

The library in question is a malicious fork of a library which reverse engineered the undocumented WhatsApp Web API. Good luck making a slop generator reverse engineer an API.
