software

Why TODOs rot — and how I built a tool to make them expire

Published: (January 15, 2026 at 06:50 PM EST)
2 min read
Source: Dev.to

Source: Dev.to

Cover image for Why TODOs rot — and how I built a tool to make them expire

Every codebase I’ve worked on has the same graveyard.

It’s not in a folder.
It’s in the comments.

// TODO: remove later
// FIXME: temporary hack
// HACK: this is ugly

We write them with good intentions, tell ourselves we’ll come back, and almost never do. Six months later nobody remembers why that code exists, but now it’s part of production — and touching it feels dangerous. That’s not laziness; it’s how software systems work.

The real problem with TODOs

A TODO is a promise with no deadline. Without a deadline:

  • It has no owner
  • It has no priority
  • It has no cost

So it quietly rots. Teams don’t ignore tech debt because they don’t care — they ignore it because nothing forces it to surface.

I wanted TODOs to behave like real work

Bugs don’t get ignored because:

  • CI fails/warns
  • Tickets get created
  • People get paged

What if technical debt worked the same way? That question led me to build a small open‑source CLI called DebtBomb.

How DebtBomb works

Instead of writing:

// TODO: remove later

You write:

// @debtbomb(expire=2026-02-10, owner=pricing, reason="temporary promo logic")

You’re saying: “This code is allowed to exist — but only until this date.”

DebtBomb scans your code in CI. When the expiry date passes:

  • The build fails or warns
  • A Jira ticket is created or updated
  • Your team is notified in Slack, Discord, or Microsoft Teams

The debt becomes visible, owned, and impossible to ignore.

Why this changes behavior

The magic isn’t in the parsing; it’s in the pressure. Once developers know that:

  • Expired debt blocks deploys
  • It shows up in Jira
  • It pings the team

They stop writing vague TODOs and start making real decisions:

  • “Do I actually need this?”
  • “Who owns it?”
  • “When will it be removed?”

Debt becomes a contract, not a hope.

It’s language‑agnostic and stupidly simple

DebtBomb doesn’t need to understand your code; it just reads comments. That means it works with any language that supports comments, such as:

  • Go
  • TypeScript
  • Python
  • Rust
  • Java
  • Bash
  • Anything with comments

No ASTs, no compilers—just plain text.

DebtBomb integrates with:

  • Jira
  • Slack
  • Discord
  • Microsoft Teams

So expired debt doesn’t fail silently — it shows up where your team already works.

You can try it in 30 seconds

go install github.com/jobin-404/debtbomb/cmd/debtbomb@latest
debtbomb check

Repo: github.com/jobin-404/debtbomb

I’d love your feedback. This started as a personal itch, but it turns out a lot of people hate how TODOs rot.

If you’ve dealt with technical debt in production systems, I’d love to hear:

  • How do you track “temporary” code today?
  • What would make a tool like this actually usable in your team?
Back to Blog

Related posts

Read more »