If you're watching your LLM API bill climb and wondering where all those tokens are going, here's a uncomfortable truth: your models are writing code you don't need them to write. A deep-dive analysis from developer Jim, posted to Hacker News on June 25th, quantifies exactly how much output token waste comes from LLMs defaulting to legacy patterns when native Web APIs have already solved those problems—correctly and securely—for years.

The Token Math Is Brutal

Output tokens cost three to five times more than input tokens in most LLM API pricing models. Yet that's where the bloat lives. When Claude or GPT-4 generates a manual URL query string parser, it's burning roughly 140 output tokens doing work that URLSearchParams handles in about 12 tokens—roughly a 92% reduction per occurrence. Form handling? The model will generate state tracking and change handlers for every field when Object.fromEntries(new FormData(event.target)) does the same job in 14 tokens versus 200-plus. AbortController timeout wrapping runs to ~90 tokens; AbortSignal.timeout() takes 12.

Patterns That Compound

The real damage shows up in complete request handlers. A Deno handler parsing params, reading form data, and querying a database—written in the model's default style—runs to 400–600 output tokens of infrastructure alone before any business logic. The same handler using native APIs throughout lands at 60–90 tokens. That's not marginal improvement; that's an order of magnitude difference on boilerplate code that executes identically either way.

Security Isn't a Side Effect, It's the Point

Manual implementations don't just waste tokens—they introduce bugs the platform already fixed. Query parameter parsing with params[key] = value is a prototype pollution vector. Custom decodeURIComponent calls fail silently on malformed input. setTimeout-based abort patterns leak timers when cleanup paths are skipped during refactoring. The native Web API equivalents—URLSearchParams, AbortController.timeout(), Promise.allSettled()—are spec-compliant and have been interoperability-tested across every major browser and runtime. They were implemented by the people who wrote the spec. Your LLM's hand-rolled versions were written from memory by a pattern-matching system trained on code that got things partly wrong.

The Comment Problem Nobody Talks About

MITRE research published in June 2025 (Sabetto et al.) found that comments aren't neutral metadata—models follow comment intent even when it contradicts the actual code. Inaccurate comments, like those describing old behavior before a refactor, degraded LLM comprehension below the no-comment baseline. Worse than silence. The fix isn't fewer comments; it's better comments. State design constraints and invariants. Why this function doesn't catch its own errors. What must not change during refactoring. "Loop over items" above items.forEach() is noise that costs tokens with zero return.

What Actually Works in Prompts

General style guidance produces marginal improvement, according to Wang et al. (ACM, 2024–2025). Naming specific APIs explicitly—making the correct answer available before generation—produces visible results. The author recommends directives like: use Web APIs natively (URL, URLSearchParams, FormData, AbortController, fetch, Promise.allSettled()) and semantic HTML (

,
, native form constraint validation) instead of JavaScript implementations. Pair that with comment discipline: state design constraints and why, not what the code does.

Formatting Is Real But Secondary

Pan, Sun et al. ("The Hidden Cost of Readability," August 2025) measured ~24.5% input token reduction from removing indentation, blank lines, and alignment whitespace—with essentially no accuracy change. That's real savings on the cheaper side of the pricing equation. But input tokens cost one-third to one-fifth what output tokens cost. The formatting work is worth doing; it's not the main event.

Key Takeaways

  • Native Web APIs (URLSearchParams, FormData, AbortSignal.timeout(), Promise.allSettled()) cut output token costs by 85–92% per pattern versus manual implementations
  • A complete request handler drops from ~500 tokens to ~80 tokens using native APIs throughout—before any application logic
  • Manual URL parsing is a prototype pollution vector; custom abort patterns leak timers; both are solved correctly by the platform
  • Stale comments actively degrade LLM comprehension below no-comment baselines; write design intent, not code restatement
  • Explicit API directives in prompts outperform general style guidance for consistent output quality

The Bottom Line

The biggest lever in your token budget isn't prompt engineering wizardry—it's telling the model what your runtime already ships. Deno implements Web APIs natively: URL, fetch, FormData, AbortController, Promise.allSettled(),

. Use them. Your LLM doesn't know that unless you say so, and until you do, it's going to keep solving solved problems at 7–10× the necessary cost while introducing security bugs the platform already patched. That's not an AI failure—that's a context problem. Someone has to provide it.