Is AI creating open-source maintenance issues?
Is your AI coding creating an open-source maintenance problem from day one?
Probably.
I love Claude Code. It helps with my coding tasks; I can iterate quickly and then throw away what doesn't work without offending anyone, or edit and write other parts.
Over the weekend, I was building out a concept with Claude, but when it set up the package for the project, I noticed the versions were behind, and it chose a "minimum" version of Python that was already end of life. The open-source packages were many versions behind. The code worked as intended; however, from day one, the open-source dependencies were already months out of date.
This is not the first time I've experienced this either: several similar proofs of concept I've built have all included many out-of-date open-source libraries, probably due to training dates. So when I asked Claude to check for the latest versions, it diligently went and checked, and updated the versions. But I had to know to do that.
In my work, looking at the software supply chain at many companies, it's hard enough to keep open source up to date when a project is actively worked on, and it's a bad place to start when you are already using versions months or years old from the start.
The key reminder and takeaway for me is still:
- Remember to check the library versions on AI-assisted coding
- Remember to have other guardrails in place to check your dependencies in your repositories (e.g. Dependabot, Renovate, etc.)
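As an added illustration of the first reminder (this is example code written for this post, not a tool from Anthropic or from any of the projects named), here is a small audit that flags a stale pin, an unpinned dependency and an end-of-life minimum Python in a requirements-style manifest. The "latest version" table and the two EOL dates are embedded sample data for an offline run; a real check would pull them from PyPI and python.org.

```python
import re
from datetime import date

# Constructed reference data for this example. In practice, fetch the latest
# release from PyPI and the end-of-life dates from python.org's release page.
LATEST = {"requests": "2.32.3", "flask": "3.0.3", "pyyaml": "6.0.2"}
PYTHON_EOL = {"3.7": date(2023, 6, 27), "3.8": date(2024, 10, 7)}

# name, optional operator and version (only the operators we care about here)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(==|>=|~=)\s*([\d.]+))?")


def version_tuple(v):
    """Turn '2.28.1' into (2, 28, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def audit(requirements, min_python, today=None, latest=LATEST, eol=PYTHON_EOL):
    """Return a list of (kind, detail) findings for a requirements.txt manifest.

    `today` is an ISO date string; it defaults to the current date.
    """
    today = date.fromisoformat(today) if today else date.today()
    findings = []
    # An EOL interpreter floor means the project starts out on an unpatched runtime.
    major_minor = ".".join(min_python.split(".")[:2])
    if major_minor in eol and eol[major_minor] <= today:
        findings.append(("eol-python", f"{major_minor} reached end of life on {eol[major_minor]}"))
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            findings.append(("unparsed", raw))
            continue
        name, op, ver = m.group(1).lower().replace("_", "-"), m.group(2), m.group(3)
        if ver is None:
            findings.append(("unpinned", name))  # no floor at all: resolver picks anything
        elif name not in latest:
            findings.append(("unknown", name))  # not in our reference table
        elif version_tuple(ver) < version_tuple(latest[name]):
            findings.append(("stale", f"{name} {op}{ver} (latest {latest[name]})"))
    return findings


if __name__ == "__main__":
    sample = "requests==2.28.1\nflask>=3.0.3\npyyaml  # no version\n"
    for kind, detail in audit(sample, "3.8", "2025-01-15"):
        print(f"{kind:11} {detail}")
```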
Who's found any scary or vulnerable libraries from the AI coding tools?
#softwaresupplychain #opensource #opensourceinventory