Generic AI reviewers are built to read any diff on GitHub. That is the problem. They read a .svelte file like plain JavaScript. The syntax checks out, so they wave it through, and they miss the bugs that come from how Svelte and SvelteKit actually run. Those bugs compile, pass review, and break in production.
Why a framework-blind reviewer misses the real bugs
A reviewer that only sees JS syntax cannot reason about what runs on the server versus the client, what is reactive, or what ends up in the browser bundle. That is where SvelteKit bugs live. Here are the ones I kept hitting.
1. Server-only env reaching the client
Importing a secret straight into a component usually gets caught at build. The sneaky version does not: a secret pulled in a universal load and returned to the page, or a PUBLIC_ prefix on a var that should have stayed private. The diff looks fine and the secret is now in your client bundle.
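A minimal version of the check a framework-aware reviewer would run for this case, as an added example that is not code from the original post: it flags a private env value that a load function returns to the page, and a PUBLIC_-prefixed variable whose name looks like a secret. It is a regex heuristic, not a full analyzer, and the file paths, variable names, `getPlan` helper and values in `SAMPLE` are constructed for illustration.

```javascript
// Added example: heuristic review check for SvelteKit env leaks (not a full analyzer).
const PRIVATE_IMPORT = /import\s*\{([^}]+)\}\s*from\s*['"]\$env\/(?:static|dynamic)\/private['"]/g;
const LOAD_FILE = /\+(?:page|layout)(?:\.server)?\.(?:js|ts)$/;
const ENV_FILE = /(^|\/)\.env(\.[\w.]+)?$/;
const SECRET_HINT = /SECRET|TOKEN|PASSWORD|PRIVATE|API_KEY/;

// Local names bound by imports from $env/*/private (handles "X as Y").
function privateNames(source) {
  return [...source.matchAll(PRIVATE_IMPORT)].flatMap((m) =>
    m[1].split(',').map((p) => p.trim().split(/\s+as\s+/).pop()).filter(Boolean));
}

// Text of every object literal that directly follows a `return` (brace-matched).
function returnedObjects(source) {
  return [...source.matchAll(/\breturn\s*\{/g)].map((m) => {
    let depth = 0, i = m.index + m[0].length - 1;
    const start = i;
    for (; i < source.length; i++) {
      if (source[i] === '{') depth++;
      else if (source[i] === '}' && --depth === 0) break;
    }
    return source.slice(start, i + 1);
  });
}

// Whatever a load function returns is sent to the page, so a private name there is a leak.
function reviewFiles(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    if (LOAD_FILE.test(path)) {
      const returned = returnedObjects(source).join('\n');
      for (const name of privateNames(source))
        if (new RegExp(`\\b${name}\\b`).test(returned)) findings.push({ path, rule: 'private-env-returned-from-load', name });
    } else if (ENV_FILE.test(path)) {
      for (const line of source.split('\n')) {
        const name = line.split('=')[0].trim();
        if (name.startsWith('PUBLIC_') && SECRET_HINT.test(name)) findings.push({ path, rule: 'public-prefix-on-secret', name });
      }
    }
  }
  return findings;
}

// Constructed sample files: one leaking load, one safe load, one mis-prefixed env var.
const SAMPLE = {
  'src/routes/billing/+page.server.js': "import { STRIPE_SECRET_KEY } from '$env/static/private';\nexport function load() {\n  return { plan: 'pro', key: STRIPE_SECRET_KEY };\n}",
  'src/routes/ok/+page.server.js': "import { STRIPE_SECRET_KEY } from '$env/static/private';\nexport async function load({ fetch }) {\n  const plan = await getPlan(fetch, STRIPE_SECRET_KEY);\n  return { plan };\n}",
  '.env': 'PUBLIC_SITE_NAME=demo\nPUBLIC_STRIPE_SECRET_KEY=sk_test_constructed\n',
};
console.log(reviewFiles(SAMPLE));
```

The second sample file uses the secret only on the server and returns derived data, so it produces no finding.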






