nick
@nickysap
Vibe coding is the new WordPress. Hear me out.
Back when I first started freelancing, many of my clients wanted me to build WordPress sites. Or rather fix/finish the WordPress site they started. They were typically new entrepreneurs that had been led to believe that starting an online business was going to be drag-and-drop easy. Just buy this theme, add your logo, and profit!
But WP was a nightmare for those unfamiliar with its nuances. After all, it started as a blogging platform and then kind of stapled together a CMS framework once competition started mounting. Then SquareSpace gained popularity. And Wix. And many other drag-and-drop website builders that enabled entrepreneurs to buy cheap and ultimately, buy twice.
I see the same happening with so-called “vibe coding” tools. They appear to be the latest iteration in low-code/no-code development. Enabling people with limited skill to make beaucoup bucks with a simple idea. A few success stories is all it takes for folks to believe they can do it too. Yet more often than not, these apps are no more than insecure slop that ultimately requires a dev to come in and sweep up the mess. Freelancers destined for janitorial labor.
I have recently embarked upon a big lift with Claude Code and yesterday I went through the first security review. It was leaking sensitive environment variables, failing to authenticate users properly (any user could view any other user’s page), and transmitting tons of raw data over the air. It also wrote a bunch of random mock components to force tests to pass. In other words, it was a disaster lying in wait.
While I appreciate the speed with which I was able to generate this iteration, without a skilled set of eyes, this would have caused me and my team immense distress and embarrassment when everyone lost all their money.
I think vibe coding is great for prototyping and mini apps (with no financial element) but be wary of thinking you’ve gained a skill you haven’t earned.
4 replies
2 recasts
30 reactions

Dwayne 'The Jock' Ronson
@dwayne
great points! do you think that you could prompt/use AI to look for and mitigate these issues? maybe thru the initial prompt to avoid them in the first place or maybe after it has done its first pass.
1 reply
0 recast
0 reaction

Peter Kim
@peter
imo it's still best used by good devs to supercharge their knowledge
0 reply
0 recast
8 reactions

matthew
@matthew
agree, I built a poker mini app entirely with claude code. while it was great, it was also buggy for reasons I didn't understand because I didn't actually write any of the code. And now that I'm going in and "sweeping up the mess", I'm seeing how much of a mess it really was. Still feels helpful in some ways, particularly to speed up annoying and repeated tasks that I can very clearly define. or to gather info about a codebase in a way that would be really hard to do with a simple text search. but yeah... very much not a silver bullet and I am now very skeptical of people who claim that it is. recent example was the every.to founder on Lenny's pod.
0 reply
0 recast
3 reactions

bradq
@bradq
@procoin curate FARCAST
1 reply
0 recast
0 reaction

Zahndry
@zahndry
So true about the security risks
0 reply
0 recast
0 reaction