Show HN: Yoink functionality out of dependencies and prevent supply chain attacks
Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
YOINK (You Only Implement Native Knowledge) is an AI agent that analyzes third-party library dependencies and reimplements, as internal code, only the functionality a project actually needs; it is currently offered as a Claude Code plugin. The tool works in three stages, cloning the target repository, establishing tests, and then decomposing the dependency, so that the required functionality can be replaced with a lightweight substitute instead of pulling in a huge SDK. It is particularly effective at reducing the risk of supply chain attacks and improving security, and Andrej Karpathy and OpenAI engineers have likewise emphasized the advantages of using LLMs to implement only the essential functionality directly rather than relying on complex external dependencies. It currently supports only Python packages, with JavaScript package support planned, and it is not suited to complex frameworks such as Django or to cryptographic implementations.
Full text
YOINK (You Only Implement Native Knowledge) is an AI agent that removes complex dependencies by reimplementing only what you need. YOINK is currently built as a Claude Code plugin that decomposes third-party dependencies into internal replacements. Instead of importing a 50k-line SDK for three function calls, point yoink at the package, describe what you need, and it reimplements only the functionality you actually use, verified against the expectations of the original library's tests.

They say "don't reinvent the wheel" but what if you could? AI agents are getting good enough to own code end-to-end, and with supply chain attacks accelerating, fewer dependencies means less attack surface.

    Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
    - Andrej Karpathy

OpenAI's harness engineering article echoed this: agents reason better from reimplemented functionality they have full visibility into, over opaque third-party libraries.

    In some cases, it was cheaper to have the agent reimplement subsets of functionality than to work around opaque upstream behavior from public libraries. For example, rather than pulling in a generic p-limit-style package, we implemented our own map-with-concurrency helper: it’s tightly integrated with our OpenTelemetry instrumentation, has 100% test coverage, and behaves exactly the way our runtime expects.
    - Ryan Lopopolo (OpenAI)

We are making this capability accessible to anyone.

- uv — used for Python dependency management and script execution

Add the yoink marketplace and install the plugin from within Claude Code:

    /plugin marketplace add theogbrand/yoink
    /plugin install yoink@yoink-marketplace
    /reload-plugins

Navigate to any project and run /yoink:yoink:

    /yoink:yoink "Replace usage of litellm with my own implementation" --url "https://github.com/BerriAI/litellm"

yoink runs three skills sequentially:

- /yoink:setup clones the target repo and scaffolds a local replacement package.
- /yoink:curate-tests studies the reference implementation and generates new tests, verified against the expectations of the original test suite.
- /yoink:decompose determines dependencies to keep or decompose, based on a set of principles we defined, such as "keeping foundational primitives regardless of how narrowly they are used".

The /yoink:yoink command runs all three in sequence. Curate tests from a target package, then decompose its dependencies into a local, dependency-free replacement. Runs in three phases: setup (Phase 1), test curation (Phase 2), and dependency decomposition (Phase 3).

Usage:

    /yoink:yoink "" --url "" [--package ""] [--skip-test-discoverer]

Options:

- --url - GitHub repository URL to clone and decompose (required)
- --package - Override the package name (defaults to the repo name from the URL)
- --skip-test-discoverer - Skip the test discovery step (test generation still works without discovered tests)

The individual phases of /yoink:yoink are also available as separate skills, useful if a run fails midway and you need to resume from a specific phase:

Phase 1: Scaffold the project: clone the target repo and install the real library for test validation.

Usage:

    /yoink:setup --url "https://github.com/BerriAI/litellm"

Options:

- --url - GitHub repository URL to clone (required)
- --package - Override the package name (defaults to the repo name from the URL)

Phase 2: Generate and discover tests, then validate them against the real library. Requires /yoink:setup to have been run first.

Usage:

    /yoink:curate-tests "I want to replace the usage of litellm in @sample.md with my own implementation" --package litellm

Options:

- --package - The target package name (required)

Phase 3: Dependency decomposition. Seeds the queue with the target package and iteratively decomposes each dependency. Requires /yoink:curate-tests to have been completed first.

Usage:

    /yoink:decompose --package litellm

Options:

- --package - The target package name (required)

What is this good for?

- Replacing small-to-medium utility packages with internal replacements
- Packages with unclear maintenance or security posture
- Reducing supply chain attack surface
- Cases where you only need a subset of a package's features

What is this not good for?

- Large, complex frameworks (Django, Flask, etc.)
- Packages with deep platform-specific bindings
- Cryptographic implementations (use audited libraries)

YOINK currently only supports re-implementing Python packages, but we plan to support JavaScript packages next.

To run yoink from a local clone instead of the marketplace:

    claude --plugin-dir ./plugins/yoink

An example prompt is included in examples/litellm-sample.md to try locally:

    git clone https://github.com/theogbrand/yoink.git
    mkdir litellm-lite
    cp ./yoink/examples/litellm-sample.md ./litellm-lite/
    cd litellm-lite
    c
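The README's premise is that a project often imports a large SDK for a handful of calls, and the decompose phase has to decide which parts of a dependency are worth keeping. A first step a defender can take before handing a package to any tool is to measure how much of its surface the code base actually references. The script below is an added example, not part of the yoink project: it walks Python sources with the standard-library `ast` module, resolves `import` and `from ... import` aliases and attribute chains back to fully qualified names, and reports them per top-level package. The `SAMPLE` module is constructed for the example; the `litellm` attribute names it uses are illustrative and are not a claim about that library's real API.

```python
"""Added example (not part of the yoink project): inventory which names from a
third-party package a code base actually references, using only the stdlib.

Limitation: dynamic access (getattr, importlib) and local rebinding of an
imported name are not tracked, so treat the result as a lower bound on usage.
"""
import ast
from collections import defaultdict


def _dotted(node):
    """Return 'a.b.c' for an attribute chain rooted at a plain Name, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class _UsageCollector(ast.NodeVisitor):
    def __init__(self, packages):
        self.packages = set(packages)
        self.aliases = {}             # local name -> fully qualified name
        self.used = defaultdict(set)  # top-level package -> qualified names used

    def _record(self, qualified):
        self.used[qualified.split(".")[0]].add(qualified)

    def visit_Import(self, node):
        for alias in node.names:
            top = alias.name.split(".")[0]
            if top in self.packages:
                # `import pkg.sub as s` binds s; `import pkg.sub` binds pkg
                if alias.asname:
                    self.aliases[alias.asname] = alias.name
                else:
                    self.aliases[top] = top

    def visit_ImportFrom(self, node):
        if node.level or not node.module:
            return  # relative import: the project's own code, not a dependency
        top = node.module.split(".")[0]
        if top in self.packages:
            for alias in node.names:
                qualified = f"{node.module}.{alias.name}"
                self.aliases[alias.asname or alias.name] = qualified
                self._record(qualified)  # importing a name is already a use

    def visit_Attribute(self, node):
        chain = _dotted(node)
        if chain is not None:
            root, _, rest = chain.partition(".")
            if root in self.aliases:
                self._record(self.aliases[root] + (f".{rest}" if rest else ""))
                return  # the inner Attribute/Name nodes belong to this chain
        self.generic_visit(node)

    def visit_Name(self, node):
        if node.id in self.aliases and isinstance(node.ctx, ast.Load):
            self._record(self.aliases[node.id])


def used_names(source, packages):
    """Map each watched top-level package to the sorted qualified names `source` uses."""
    collector = _UsageCollector(packages)
    collector.visit(ast.parse(source))
    return {pkg: sorted(names) for pkg, names in collector.used.items()}


# Constructed sample module: a caller that touches only a sliver of a package.
# The litellm attribute names here are illustrative, not its documented API.
SAMPLE = '''
import os
import litellm
from litellm import completion, Router
import litellm.utils as lu

def ask(prompt):
    litellm.drop_params = True
    resp = completion(model="example-model", messages=[{"role": "user", "content": prompt}])
    n = lu.token_counter(model="example-model", text=prompt)
    return resp, n, os.getcwd()
'''

if __name__ == "__main__":
    for pkg, names in used_names(SAMPLE, {"litellm"}).items():
        print(f"{pkg}: {len(names)} names referenced")
        for name in names:
            print("  ", name)
```

Run it over a real tree by reading each `.py` file and merging the dictionaries; a package whose referenced names fit on one screen is the kind of small-to-medium utility the README lists as a good candidate, while a long, deeply nested list is a sign you are using the framework, not a few helpers.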
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.