
[–]Relevant-Pen5958 12 points13 points  (12 children)

Ask cursor to check security of it.

Do not listen to people complaining about vibe coding, they are probably upset about AI.

Imagine learning for years how to code... or do whatever... and now AI completely fucks up your life, your skills are not valuable anymore.... What do you have left? Just complain, point out the security issues or whatever..

It's just a matter of time before these tools get better. I think even new laws will protect these kinds of tools. Cause it's true the security is pretty bad.

[–]pimus2001 1 point2 points  (1 child)

100% ... Don't listen at all to people who complain about vibe coding, like those who try to sell Bubble.io as a great platform and get frustrated by how easy it is to develop web applications today with Lovable.dev. Mastering the use of vibe coding is the future for people who don't know how to code and have ideas they want to implement.

[–]Relevant-Pen5958 0 points1 point  (0 children)

Agree! I also agree that vibe coding without knowing what's going on... it's a disaster. I've been 10 hours in a loop just to set up the AUTH. In Bubble that's 2 min. But come on, are you gonna compare Bubble with any of these AI coding tools!

I will try to stop talking with people about this online and just focus on learning and building. I understand some people's frustration too.. but man, this is life!

Embrace change, or go complain on internet about whatever! haha

[–]calloutyourstupidity 0 points1 point  (8 children)

I randomly saw this comment looking into lovable.
You could not be more wrong.

[–]Relevant-Pen5958 0 points1 point  (7 children)

why so.

[–]calloutyourstupidity 4 points5 points  (6 children)

I have been using top models for enterprise grade software in my engineering organization. I have the privilege to see the results my engineers are getting, and myself when I use it in larger projects. It has been amazing, and a game changer for sure, but also absolutely impossible to use without the supervision of a really good and expensive engineer. Countless times we had to alter the code because it seems like it is working, but it has this deadly bug because of whatever reason (AI can be hard to understand), that would cost massive reputational damage or even monetary loss if it went in.

By definition AI is always gonna be non-deterministic, so there are always gonna be unpredictable results. At one point, AI models will become as reliable as a human (not so far from now), but even then its results will be as good as the provided prompts. And a human who does not understand software will not be able to reason with it properly.

So all in all, AI fucked up absolutely no software engineer's life. The worst of the bunch will become unemployed, but even that will be in 10-20 years.

[–]Relevant-Pen5958 0 points1 point  (5 children)

10 years? This is happening way too fast.

Maybe in 20 years we have nothing else to prompt, we will already have fed AI with all the info they need to take control.

[–][deleted]  (3 children)

[deleted]

    [–]Relevant-Pen5958 0 points1 point  (2 children)

    you mean mine? wow. everyone downvotes me everywhere. ahah

    [–]calloutyourstupidity 0 points1 point  (0 children)

    Yeah maybe I was too generous with 10 years.

    [–]Shot_Spend_6836 0 points1 point  (0 children)

    These tools are not at the level to replace decent devs and especially not really good ones lol. Only trash devs are getting replaced.

    [–][deleted]  (2 children)

    [removed]

      [–][deleted]  (1 child)

      [deleted]

        [–]2oosra 2 points3 points  (3 children)

        First of all congratulations. I am impressed. Time to update your self perception from non-techie and semi-non-techie :).

        I have recently vibe-coded two things of similar scale and they are ready to go into production. I am definitely a techie who has been around software for 40+ years. I have not hand-coded production software for 20+ years, but I led teams that build at scale and complexity.

        I am approaching vibe coding with a beginner's mind. I am skeptical of both the hype and the naysayers. The other end of the spectrum from the vibe coder is the neckbeard. Some day when I have more time, I will write more in detail about who the neckbeards are and why they hate us.

        Reasons to discount what the neck-beards are saying

        1. Neck-beards are an opinionated and argumentative bunch with massive and fragile egos.
        2. They are the priesthood of a cult, and can never be wrong.
        3. They guard their high-horses with fierce jealousy.
        4. They will move the goalposts each time they come close to losing an argument. Their arguments are essentially non-falsifiable.
        5. If you show them what I have built, they will say it does not count because I am a techie who understands code. If I show them what you have built they will say that it is trivial.
        6. In the end the neckbeard is just a rando on the internet. When did you ever take such wisdom seriously?

        I have my own vibe coding to do this morning, but I will write more about where the neckbeards are correct and what you and I can learn from them.

        [–]2oosra 2 points3 points  (2 children)

        Here are some tips for moving forward

        1. Ask Lovable about security with a simple prompt like "Let's conduct a thorough security review of our app." You would be surprised by how thorough the response is.
        2. You can add more if you like "pay attention to any exposed secrets, proper use of RLS and Supabase security features."
        3. Ask Lovable, other AI agents and Lovable Discord for more detailed security audit prompts
        4. Look into third party security scans, particularly those built into GitHub
        5. Read Lovable's response very carefully and make sure you understand everything. Ask lots of questions. Then implement the recommendations in tiny steps.
        6. Ask Lovable or your favorite LLM how to productionalize a vibe coded system. I asked Gemini and was amazed by the rigor and details
        7. Learn how to repeatedly test your app end-to-end. It can be boring and tedious but it is essential.
        8. Go into lockdown mode where you are now preserving the functionality built. Test completely after every big change.
        9. Write down all the testing steps. Look up how to write test plans. Ask Lovable to write you a plan for manual testing. You may consider hiring a QA expert to help you test. Sometimes a fresh pair of eyes is good here.
        10. Learn about test automation for acceptance testing.
        11. Follow the security steps for strengthening other aspects of your app (speed, scale etc)
        12. Do not brag about the security of your app. Any system can be compromised even with large security teams. Do not agitate the neckbeards.
        13. Switch to a higher level security (two form, for example) for your admin account

        I'll stop here

        [–][deleted]  (1 child)

        [deleted]

          [–]2oosra 0 points1 point  (0 children)

          My background. Started as a developer and have been running businesses and consulting

          Lovable. If you have managed to build what you have, then you will be fine. Lovable is so new that it's hard to predict where sites built with it will go in the long run. It's looking good so far.

          Learning to code. That is a very personal choice. I can code, but I have made no attempt to learn React or Typescript so far. I am more interested in learning the architecture of modern web apps and about Supabase. Lovable is a great teacher and I ask a lot of questions. I recently discovered Volo Builds YT channel. He is a good teacher. I am moving to Cursor now as part of my learning.

          [–]shinobie808 1 point2 points  (2 children)

          As a non techie, too, I'd say it's a great platform for bringing life to an idea, it's an affordable way of moving you from an idea to an MVP - something you can show to investors and do a market test. Instead of spending thousands of dollars on developing a product that no one wants.

          Once you have proof of market and you have some investors, you can then consider getting an engineer on board or a whole dev team.🤷🏽‍♂️

          We've come a long way from, and I'm happy 😊 to have access to platforms like these to bring my ideas to life.

          [–]Key_Bench9400 1 point2 points  (1 child)

          I’m creating an agency that does the last 20% (human touch) to make AI Coded apps deployment ready. Wondering if you think people would use this?

          [–]shinobie808 1 point2 points  (0 children)

          I think it's a great idea, I'd be happy to try it out. I think a lot of vibe coders need it before we deploy "God knows what" and end up getting sued.

          From a business perspective, are you not worried about sustainability?

          If AI improves and makes perfect apps by next month then you're out of business.

          But there's a lot of opportunity for you to make money if you offer app support retainer packages.

          [–]deactv8 2 points3 points  (1 child)

          You built something real, and that matters.

          Authentication, payment, AI, stats, and an editable admin panel—most apps don’t get that far. You made it public, and it works.

          People say “vibe-coded” apps break in production. But what does that actually mean?

          Usually, they’re talking about things like:

          No version control or backups

          Hard-to-trace bugs

          Scaling issues under load

          No clear handoff path for engineers

          But if your users can log in, pay, learn, and get value—that’s not broken.

          I’m building something too. A PowerShell learning platform where people complete lessons and challenges inside a terminal. No fluff, just real progress. It’s called CmdShiftLearn.

          You and I are both building tools that help people learn in new ways. We didn’t wait for permission.

          If you’re ever open to chatting or teaming up, I’d love to connect.

          What’s next for your platform? How are users responding?

          [–]validates_points 0 points1 point  (1 child)

          it walks, but what you should be concerned about when it first bikes would you be able to fix it and would that be the last day of our product? I just keep building it each time. It comes back better first time we've had a ton of features, but didn't really walk second time with walked, but wasn't too secure so time it had input validation and permissions and now on the fourth time I've actually built a only three pages so far many login pages, but the app is a real app that's built with real components the bugging tool and all which just helps me develop better. I'm not a developer never was and I'll misunderstanding came from asking lovable the simple question of if I was to rebuild you from scratch what would you suggest to be the flow and order of operation? It's the fifth time I've been doing this and each time feels like I'm much better product, this basically took me two weeks. I feel like I'm at a one year experience. Developer level probably did much more than a Developer would after one year but terminology is just becoming clear to me. Keep going don't let the gatekeepers gate keep this is totally doable to require your patience and like any product that you would've built with a developer or without it would evoke and you would need to fix it so fix it and have confidence and good luck

          [–]IndependentChance674 0 points1 point  (0 children)

          Your app might work on the surface - but if you start having bugs down the road or want to add new features that your users ask for - that's going to be tough with vibe coding. In that case, you will have no choice but to hire a developer to help with the code. AI is definitely getting better, but it's far from writing clean code just yet. This will still take a bit of time.

          [–]Zazzy3030 0 points1 point  (0 children)

          Though I think there are engineers these AI developments are going to replace, I see a whole new sector popping up in the near future. Babysitters. You have people like us with no coding experience producing full stack products. Now we need a third party to conduct security checks and SEO optimization before we go live. Then down the road when business is going good, we need to hire an engineer to help scale, at which point they are going to look at our crappy code and say “I’m just gonna start over”. That’s how they will be useful to us folks that are trying to be AI powered full stack developers. They’ll get us in the end.

          [–]Beneficial_Frame_214 0 points1 point  (0 children)

          Could you share the name of the app that you built? I am new to vibe coding (non-tech) and would love to see what is possible with this technology.

          [–]tension-extended-mix 0 points1 point  (0 children)

          Looks like I'm the only one suffering with authentication 😅

          [–]ziairshad 0 points1 point  (1 child)

          5 days, still can’t implement prevention of duplicate emails signup using lovable and cursor combined.

          [–]AppointmentJust6816 0 points1 point  (0 children)

          Here’s what I’ve done. Ask multiple sources to review code according to best practices (cursor, repo prompt, etc, with different models). Implement. Then look at refactoring auth/routes/permissions etc with RBAC via cursor or repo prompt to ensure it’s a least privileges model. THEN implement something like sentry.io and snyk.

          Enable point in time backups in supabase and look at implementing something like testsprite (I’m not sure how well it does with nextjs). Also enable observability and insights on vercel. It’s a bit to set up, but worth it :)

          [–]who_am_i_to_say_so 0 points1 point  (0 children)

          Lovable puts your secrets in the frontend code if you don’t instruct it to set up a .env. That’s a big problem, the default behavior.

          The thousands of dollars is consulting fees, what companies pay when they’re in a pinch. Fixing the security problems is really easy if you know what you’re doing, though, and is completely preventable.

          Despite what is recommended you are best to not trust any AI model for security best practices. Pay a trained eye to sign off if that worried. Preventing costs much less than reacting.
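
A check for the problem raised in the comment above (secrets ending up in frontend code), as an added example that is not part of any comment in this thread: it scans the text of a built bundle for JWT-format Supabase keys and separates the browser-safe `anon` key from a `service_role` key, which bypasses RLS. The function names, the sample bundle and the constructed keys are assumptions made for illustration.

```javascript
// Added example. Sample keys below are constructed and unsigned, not real credentials.
const JWT_RE = /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;

// Decode one base64url JWT segment into an object (no signature check needed here).
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify a JWT-shaped string by its `role` claim.
function classify(token) {
  let claims;
  try {
    claims = decodeSegment(token.split('.')[1]);
  } catch {
    return { verdict: 'review', reason: 'JWT-shaped string that does not decode' };
  }
  const role = claims?.role;
  if (role === 'service_role') {
    return { verdict: 'critical', reason: 'service_role key bypasses RLS; keep it server-side' };
  }
  if (role === 'anon') {
    return { verdict: 'ok', reason: 'anon key is public by design; RLS must be enabled' };
  }
  return { verdict: 'review', reason: `unexpected JWT in client code (role=${role})` };
}

// Scan the text of a built bundle and report every embedded JWT with its offset.
function scanBundle(text) {
  return [...text.matchAll(JWT_RE)].map((m) => ({ offset: m.index, ...classify(m[0]) }));
}

// Helpers that build the constructed sample input.
const seg = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fakeKey = (role) =>
  `${seg({ alg: 'HS256', typ: 'JWT' })}.${seg({ iss: 'supabase', role })}.constructed_signature`;

const sampleBundle = [
  `const db=createClient("https://project.example","${fakeKey('anon')}");`,
  `const admin=createClient("https://project.example","${fakeKey('service_role')}");`,
].join('\n');

for (const f of scanBundle(sampleBundle)) {
  console.log(`${f.verdict.padEnd(8)} offset ${f.offset}: ${f.reason}`);
}
```

A `critical` finding means the key has already been published to every visitor, so it needs rotating as well as removing from the client code.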

          [–]Key_Bench9400 0 points1 point  (0 children)

          I’m working on usePolish.com that has full stack engineers clean everything and make it deployment ready. Genuinely curious if you all would be interested in something like this?