alt Hacker NewsI really don't understand the HN comments here.
Lots of assumptions that the article is AI-authored (it could be but I'm not seeing overtly obvious signs - it's quite readable) & a lot of ungrounded assumptions that this is somehow related to Bitwarden integrating AI into their product.
I really thought reading comprehension among HN users was better than this.
Replies
There are worse things to mention about OneCLI as it looks like a completely vibe-coded mess, seeing that CLAUDE.md and Claude itself being one of the contributors [0]
Perhaps the most damning discovery is that they don't even do basic dependency pinning [1] [2] which just risks another supply chain attack.
As soon as I saw that, that was everything I needed to know about the project. No security audit whatsoever and Bitwarden believes this is something worth integrating.
[0] https://github.com/onecli/onecli/graphs/contributors
[1] https://github.com/onecli/onecli/blob/main/packages/ui/packa...
[2] https://github.com/onecli/onecli/blob/main/packages/db/packa...
Yeah, it seems like this is at minimum an "ok" thing. Honestly having a good way to do secrets management with agents seems like a good idea.