Contents
In brief
Node.js core is debating a petition to ban AI-written code after a pull request of nearly 19,000 lines — reportedly mostly model-generated. A Dev.to piece frames it not as a war on Copilot, but as a crisis of review scale and CLA legal ambiguity.
What happened
TSC member Matteo Collina submitted a large pull request (the article mentions VFS work). Long-time contributor Fedor Indutny and others started a petition to reject machine-generated code in the runtime repo the web stack depends on.
The author notes: a seasoned maintainer might carefully review hundreds, maybe a thousand lines per session. 19,000 lines is not a PR — it is load you cannot review like a hand-written patch.
Why it matters
| Factor | Risk |
|---|---|
| Generation speed >> review speed | Hidden regressions in the runtime |
| CLA «this is my work» | Who owns model output trained on others’ repos? |
| Volunteer maintainers | Burnout and key people leaving |
| Supply chain | A Node bug becomes an incident for millions of apps |
The petition essentially says: OSS process and legal framing were not built for AI «cannons» into core. It is not a ban on using AI locally for prototypes.
Other foundations will hit the same fork: disclose AI use, ban it, build detectors — none perfect, but ignoring the problem is worse.
In practice
- In your repos: CONTRIBUTING policy on AI-assisted work and whether every line in security-critical paths needs human review.
- Do not dump giant generated diffs on upstream «for the community to review» — split, test, own the change.
- Enterprise Node forks: watch TSC outcomes — provenance requirements may appear.
- Keep AI out of «critical core with no big red revert button» or use it as an assistant, not the author of 19k LOC overnight.
Takeaway
The Node.js fight is an early industry signal: generation outran governance. A sane stance now is stricter rules for AI code in shared infrastructure and honest review discipline in application repos.

