Glossary
Short, honest definitions for the terms you'll hit most when reviewing AI-generated code. Every entry links back to the checklist item it belongs to.
Vibe Coding
Vibe coding is a term coined in early 2025 by Andrej Karpathy, describing a workflow where you describe what you want in natural language and...
Hallucination (Code)
In the context of AI-generated code, a hallucination is when the model confidently produces something that doesn't actually exist — an impor...
N+1 Query
An N+1 query is a performance anti-pattern where you run one query to fetch a list of N items, then loop and run one more query per item — N...
SQL Injection
SQL injection is when user input gets concatenated directly into a SQL query, letting an attacker rewrite the query itself. The classic exam...
Rate Limit
A rate limit is a cap on how many times a given client can hit an endpoint within a time window — say, 100 requests per minute per IP. Witho...
CORS
CORS (Cross-Origin Resource Sharing) is a browser security rule: if JavaScript on `a.com` wants to call an API on `b.com`, the server at `b....
Null Check
A null check is guarding code against the case where a value you expected to exist is actually missing — `null`, `undefined`, `None`, empty ...
Secret in Client Bundle
A secret in the client bundle means an API key, database password, or signing token got baked into JavaScript that ships to the browser. Eve...
Auth Check
An auth check is the line of code at the top of a protected route that answers 'is this request from someone who is actually allowed to do t...
Silent Deletion
Silent deletion is when an AI assistant edits a file and quietly drops a block of code you needed — a validation step, an error handler, a f...
Env Validation
Env validation is the step where, on startup, your app checks that every environment variable it needs is actually defined and has a plausib...
Prompt Injection
Prompt injection is when content that gets fed into an LLM — a user's message, a scraped webpage, a PDF — contains instructions that overrid...