Summarizer

Vibe Coding Quality

Multiple comments suggesting Claude Code itself appears to be poorly architected vibe-coded slop, with references to 5594-line files, random UI errors, and the irony of an AI tool being built by AI

← Back to The Claude Code Source Leak: fake tools, frustration regexes, undercover mode

Recent leaks and admissions suggest that Claude Code is a quintessential example of "vibe-coded slop," characterized by a disorganized architecture of massive files and frequent UI errors that critics describe as an unmanageable "rats nest." Commentators find deep irony in the fact that an AI-built tool accidentally shipped its own de-obfuscated source maps to npm, illustrating how replacing rigorous human engineering with LLM-generated logic can lead to amateur mistakes and fragile technical debt. While some developers still praise the tool’s utility for daily tasks, many argue that its reliance on prompts rather than structural governance represents a cautionary tale about the declining quality and accountability of software in the age of AI.

36 comments tagged with this topic

View on HN · Topics
That’s ultimately the right answer, isn’t it? Bad code is bad code, whether a human wrote it all, or whether an agent assisted in the endeavor.
View on HN · Topics
Yeah in my team everyone knows everyone is using LLMs. We just have a rule. Don't commit slop. Using an LLM is no excuse for committing bad code.
View on HN · Topics
Why are you assuming the actual implementation was authored by a human?
View on HN · Topics
"Here's what AI came up with and it mostly worked the one time I tested it. Might need improving". No. I don't want to test and pick through your shitty LLM generated code. If I wanted the entire code base to be junk, it'd say so in the readme.
View on HN · Topics
Absolutely. Let's say I have a problem with gRPC and traced it to code generated using the gRPC compiler. I can reproduce it, highlight it and I'm pretty sure the gRPC team would address the issue. Replace gRPC compiler with LLM. Can you reproduce? (probably not 100%). Can anybody fix it short of throwing more english phrases like "DO NOT", "NEVER", "Under No Circumstances"? Probably not.
View on HN · Topics
Leaves you open to vulnerabilities in overnight builds of NPM packages that increasingly happen due to LLM slop?
View on HN · Topics
I suspect vibe coders might actually want you to consider turning to Claude for accountability and ownership rather than the human orchestrator. If your linter is able to action requests, then it probably makes sense to add too.
View on HN · Topics
I am still just shocked that Claude Code was written in Typescript, not C++, Rust or Python. It also somehow messed up my alacritty config when I first used it. Who knows what other ~/.config files it modifies without warning.
View on HN · Topics
They have an annoying sandbox issue which pollutes your repository root with a set of empty files. Not the cleanest tool, but the paradigm is a big upgrade to previous AI coding. .bash_profile .bashrc .claude .env .gitconfig .gitmodules .idea .mcp.json .profile .ripgreprc .vscode .zprofile .zshrc config https://github.com/anthropic-experimental/sandbox-runtime/is...
View on HN · Topics
It sounds like if you are vibe-coding, that is, can't even be arsed to write a simple commit message, your commit message should be your prompt.
View on HN · Topics
wow, it's also not like their code was actually good (though this apply to most enterprise software). To hide a client behind closed source (it's also typescript, so even more baffling) is laughable behavior.
View on HN · Topics
I'm also wondering if it's even legally valid? They constantly love to talk about Claude Code being "100%" being vibe coded...and the US legal system is leaning towards that not being copyrightable. It could still be a trade secret, but that doesn't fall under a DMCA take down.
View on HN · Topics
Comments are great until they diverge from the code. The "no comments, just self-explanatory code" reaction comes from the trauma of having to read hundreds of lines of comments only to discover they have nothing to do with how the code actually works, because over time the code has received updates but the comments haven't. In that case it's better to just have no comments or documentation of any kind--less cognitive overhead. This is a symptom of broken culture, but the breakage is the same kind that has managers salivating over LLM vibeslop. So I totally get where your colleagues might be coming from. Working within the confines of how things actually are it could be totally reasonable.
View on HN · Topics
Idk if u are serious. Yes, lets blow another 5-10k a project/month on tokens to keep the comments up to date. The fact ai still cannot consistently refactor without leaving dead code around even after a self review does not give me confidence in comments… Comments in code are often a code smell. This is an industry standard for a reason and isnt because of staleness. If u are writing a comment, it means the code is bad or there is irreducible complexity. It is about good design. Comments everywhere are almost always a flag. Note, language conventions are not the same.
View on HN · Topics
> just YOLO'd everything into the codebase itself I suspect that's the logical endpoint of trying to provide everything as context to an agent. Why use a separate markdown file and have to waste extra tokens explaining what part of the codebase something applies to when you can just put it right there in the code itself?
View on HN · Topics
That’s what a source map is. It’s included in debug builds so that browser debuggers (and others) can step through the original code, comments and all, instead of the compiled javascript (which back in the day could become an undecipherable mess of callbacks if you were transpiling async/await to the legacy Promise API). Unfortunately in many bundlers making a mistake like this is as easy as an agent deleting “process.env[‘ENV’] === ‘debug’” which they’ll gladly do if you point them at a production or staging environment and ask them to debug the stripped/compiled/minified code.
View on HN · Topics
Exactly the type of comment Claude Code would write
View on HN · Topics
vibe-coded all the way through
View on HN · Topics
The irony of ironies is in the last paragraph: " ...accidentally shipping your source map to npm is the kind of mistake that sounds impossible until you remember that a significant portion of the codebase was probably written by the AI you are shipping.”
View on HN · Topics
Not much impact, Codex is already open source. The real value is in the model itself and the ability to use it with a subscription. Something you can't do legally with a clone of this code. The only thing I found interesting about this leak is just how much of a rats nest the code base is. Like it actually feels vibe coded without a shred of intelligent architecture behind it. Regardless, you can't beat the subscription and model access despite the state of the code base, so I still use Claude Code daily and love it.
View on HN · Topics
I just hope it doesn't turn out like n8n. I built a few things, wanted to make changes, looked at the code base, opened the devcontainer, noped out after being mortified by the sheer number of warning and dependency issues, threw away all of my work, uninstalled, didn't think about it again. Two months later it was CVE after CVE.
View on HN · Topics
Something that has been clear to me in using it, aside from direct claims by the authors, is that Claude is itself vibe coded slop. The number of random errors I get from using various parts of the web UI or CC that should work feels high for such a popular product. But they’re so deep in the vibes that I don’t think they can tell when some path in their web UI is broken. I tried to share a public link to a chat and it asked me to login when opening it on another computer. I tried to download a conversation and it threw an error. When I download markdown output the download succeeds but the UI throws an error. I have tried to control the behavior of Claude Code in tmux using documented flags but I can’t seem to get them to work properly. Agent teams don’t clean up their tmux windows, making the view a mess after they run. Claude code is an amazing product that I love and also it is itself vibe coded slop.
View on HN · Topics
And there’s no reason why they couldn’t vibe fix the issues if there was a process to report the bugs. Fixing issues like that could also be something that’s fully automated. Provided there’s a good test suite (not a given).
View on HN · Topics
Can fully AI‑generated code be copyrightable? Is there evidence that the leaked code was AI-generated?
View on HN · Topics
"Top engineers at Anthropic, OpenAI say AI now writes 100% of their code" https://fortune.com/2026/01/29/100-percent-of-code-at-anthro... > Right now for most products at Anthropic it's effectively 100% just Claude writing - Mike Krieger, chief product officer of Anthropic
View on HN · Topics
Because it has a high likelyhood of being written completely by a LLM without any human thought or attention being put into it. Being written by a LLM is a signal that the submission is of low effort and therefore probably low quality, which then puts the onus on the people reviewing and reading the submission instead of the original generator of the submission. Hence I would classify it as spam. Open source communities also have rules against LLM generated contributions, for various moral, ethical, or legal reasons.
View on HN · Topics
This is very much AI written, right? The voice sounds like Claude.
View on HN · Topics
The Claude Code leak suggests multi-agent orchestration is largely driven by prompts (e.g., “do not rubber-stamp weak work”), with code handling execution rather than enforcing decisions. Prompts are not hard constraints—they can be interpreted, deprioritized, or reasoned around, especially as models become more capable. From what’s visible, there’s no clear evidence of structural governance like voting systems, hard thresholds, or mandatory human escalation. That means control appears to be policy (prompts), not enforcement (code). This raises the core issue: If governance is “prompts all the way down,” it’s not true governance—it’s guidance. And as model capability increases, that kind of governance doesn’t get stronger—it becomes easier to bypass without structural constraints. Has anyone actually implemented structural governance for agent swarms — voting logic, hard thresholds, REQUIRES_HUMAN as architecture not instruction?
View on HN · Topics
The part of TFA that does it for me: "Every bash command runs through 23 numbered security checks in bashSecurity.ts, including 18 blocked Zsh builtins, defense against Zsh equals expansion (=curl bypassing permission checks for curl), unicode zero-width space injection, IFS null-byte injection, and a malformed token bypass found during HackerOne review." . AGI is definitely around the corner. Or not.
View on HN · Topics
I love it when "magic" like this gets unmasked, and under the hood it's just business as usual, i.e. dumb shit implementations to please the product owner(s) and hopefully the customers as well. Normal stuff in the tech world I suppose but still absolutely hilarious!
View on HN · Topics
> As one Twitter reply put it: “accidentally shipping your source map to npm is the kind of mistake that sounds impossible until you remember that a significant portion of the codebase was probably written by the AI you are shipping.” To err is human. AI is trained on human content. Hence, to err is AI. The day it stops making mistakes will be the beginning of the end. That would mean the existence of a consciousness that has no weakness. Great if it’s on your side. Terrible otherwise.
View on HN · Topics
>This was the most-discussed finding in the HN thread. The general reaction: an LLM company using regexes for sentiment analysis is peak irony. >Is it ironic? Sure. Is it also probably faster and cheaper than running an LLM inference just to figure out if a user is swearing at the tool? Also yes. Sometimes a regex is the right tool. I'm reading an LLM written write up on an LLM tool that just summarizes HN comments. I'm so tired man, what the hell are we doing here.
View on HN · Topics
The irony of an IP scraper on an absolutely breathtaking, epic scale getting its secret sauce "scraped" - because the whole app is vibe coded (and the vibe coders appear to be oblivious to things like code obfuscation cuz move fast!)... And so now the copy cats can ofc claim this is totally not a copy at all, it's actually Opus. No license violation, no siree! It's fucking hilarious is what it is, it's just too much.
View on HN · Topics
The code is obfuscated, but they accidentally shipped the map file, i.e. the key to de-obfuscating it.
View on HN · Topics
It's possible, but Anthropic employees regularly boast (!) that Claude Code is itself almost entirely vibe-coded (which certainly seems true, based on the generally-low quality of the code in this leak), so it wouldn't at all surprise me to have that blow up twice in the same week. Probably it might happen with accelerating frequency as the codebase gets more and more unmanageable.
View on HN · Topics
What a cesspool. So this is the power of being 80x more productive, having infinite llm usage quota? No wonder they had to let Satan take the wheel and went 100% vibe code. Thanks for making a point, llms are a disgrace