Nathan Swift

Someone hid a self-replicating worm inside 37 npm packages. Written in Rust. Hidden behind an eBPF kernel rootkit. Talking to its operator over Tor. It steals 86 environment variables. AWS keys. GCP keys. Vault secrets. Kubernetes tokens. Your Anthropic API key. Your OpenAI key. Your Exodus wallet seed phrase. Then it uses your own npm credentials to republish itself into your packages. So your code infects the next developer. Who infects the next one. The commits were backdated up to 13 years. The commit author name was “claude.” The malware named itself after the AI to hide in plain sight. The attacker also left their own wallet recovery phrase in the debug data. Nobody is having a good day. Check your preinstall hooks.

Here’s how I currently see software development. Imagine a farmer who grows cabbage. He has one large field and several smaller ones. For years, a group of farm workers harvested the cabbage by hand. It took them a full week to clear the big field. They worked carefully. Sometimes a cabbage was damaged, but overall the quality was good. Then the farmer discovers a machine. The machine harvests the entire field in one hour and delivers all the cabbage to the barn. It’s not perfect. Out of 1,000 cabbage heads, maybe 30 or 40 are damaged. The workers point this out immediately: “When we do it by hand, only 10 get damaged. Our work is higher quality.” They’re right. But the farmer replies: “You need a week for one field. The machine needs one hour.” Now the machine can harvest: the big field in the morning the next field an hour later then another and another Eight, ten, maybe twenty fields per day. The farmer doesn’t ask the workers to compete with the machine anymore. He gives them a new job: Stand in the barn. Pick up each cabbage. Check it quickly. Throw out the damaged ones. That’s the new bottleneck. And maybe, soon, the farmer buys another machine that does even that inspection automatically. The workers are still correct: hand-harvested cabbage is often better. But it no longer matters economically. The speed difference overwhelms the quality difference. This is where software development is heading. Engineers are right when they say manual coding can be higher quality in many situations. But it is orders of magnitude slower. That gap is so large that even imperfect AI-generated code wins. And the quality improves every month. If it doesn’t improve, it gets cheaper. If it doesn’t get cheaper, it gets smaller. And once it’s small enough, it runs on your own hardware. There is no visible ceiling yet. So the role changes. From writing code to reviewing code to supervising systems that write and review code. Like the farm workers in the barn. Not because their work was bad. But because the machine changed the economics.