Open source projects have a new problem. They are getting massive numbers of useless pull requests from people who used AI to make their code changes. Just like other AI slop it takes time to review these and see that they are low quality and often buggy. These submitters probably are trying to get on the contributors list for these projects so they can put that on their resumes.
Vouch is not for project security. It’s just a way to fend off the massive numbers of junk submissions.
I bet Express.js will be using this. Look through their recent (especially the ones updating the README). They have had this problem for years from a different scourge: pajeets.
I also found an on Vouch, but the Vouch README explains itself well.
Open source projects have a new problem. They are getting massive numbers of useless pull requests from people who used AI to make their code changes. Just like other AI slop it takes time to review these and see that they are low quality and often buggy. These submitters probably are trying to get on the contributors list for these projects so they can put that on their resumes.
Vouch is not for project security. It’s just a way to fend off the massive numbers of junk submissions.
I bet Express.js will be using this. Look through their recent [closed pull requests](https://github.com/expressjs/express/pulls?q=is%3Apr+is%3Aclosed) (especially the ones updating the README). They have had this problem for years from a different scourge: pajeets.
I also found an [article](https://itsfoss.com/news/mitchell-hashimoto-vouch/) on Vouch, but the Vouch README explains itself well.
Login or register