cross-posted from: https://discuss.tchncs.de/post/21298994

I’m trying to feel more comfortable using random GitHub projects, basically.

You are viewing a single thread.
View all comments
3 points

Probably not. Obfuscation works, and might even depend on remote code being downloaded at either build time or run time.

There are a lot of heuristics you can use (e.g. disallowing some functions/modules) to check a codebase, but those already exist no AI required. Unless you call static analysis “AI”, who knows.

permalink
report
reply
1 point

But an AI can “realise” the code might be downloading something it doesn’t need to. That’s the point.

AI is “smart” and understands that you told it that the library was supposed to do something specific, and it can understand that and look for things that seem not correlated to the purpose of the repo.

permalink
report
parent
reply
4 points

If you’re one of those people that think every product is better if there’s “AI” on the box then sure. What you’re describing is static analysis though, it is not new.

permalink
report
parent
reply
1 point

Where’s that tool then?

permalink
report
parent
reply
2 points

Its got a dataset of billions for tokens, youre better off running the stock market as an antivirus.

Instead if you care use specifically curated programs for the task, like antivirus’

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 4.3K

    Monthly active users

  • 998

    Posts

  • 8.3K

    Comments