Do not submit commits containing code, documentation, or other content written in whole or in part by a large language model (LLM), AI code-generation tool, or similar technology. This includes cases where an LLM produced a draft that the contributor then edited. Contributors must be the sole human authors of the changes they submit.
This applies to content that lands in the repository: source code, documentation, tests, tooling, and other files submitted via pull requests.
It does not apply to:
- Pull request descriptions, review comments, issue discussion, or other communication that is not part of the committed tree. Those are covered by general expectations around good-faith participation and the Code of Conduct.
- Vendored dependencies and other vendored content (e.g. code under
deps/and vendored code undertools/). That content is maintained upstream under its own governance. - AI-powered accessibility tools like screen readers or text-to-speech software, provided they do not influence the content of the contribution.
This policy cannot be fully enforced. There is no reliable way to determine whether code was written by a human or generated by an LLM. Detection tools have high error rates, and generated output can be trivially edited to avoid detection. Compliance relies on contributor good faith.
If a collaborator suspects a pull request contains LLM-generated content, they should raise the concern in the pull request. The normal consensus seeking process applies: collaborators discuss, the author can respond, and a good-faith determination is made. If consensus is that the contribution violates this policy, it must not land. If consensus cannot be reached, the matter can be escalated to the TSC.
When evaluating a concern:
- Stylistic resemblance to LLM output is not sufficient on its own. Some people write that way. Consider the contributor's history, the nature of the change, and whether they can engage with review feedback.
- Do not cite AI content-detection tools as evidence. They are unreliable.
- If a contributor is asked directly whether they used LLM tools and responds dishonestly, that undermines the good faith this policy depends on. This should weigh against them in any consensus determination.
Contributors to this project need to be able to explain their changes, respond to review, and take responsibility for what they submit. LLM-generated pull requests do not meet that bar.
Collaborators review every change on a volunteer basis. LLM-generated submissions shift the verification burden onto those reviewers, with no assurance the contributor has done that work themselves.
The copyright status of LLM output is unresolved. Training data for popular models includes material under licensing terms that may not be compatible with the Node.js license. Contributors certify their submissions under the Developer's Certificate of Origin 1.1, which requires that the contribution was created by them and that they have the right to submit it. It is not clear how anyone can honestly certify that for LLM output.
This policy can be revisited if the legal situation or the tools change.