Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

The Hacker News by The Hacker News
April 1, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananApr 01, 2026Data Breach / Artificial Intelligence

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.

“No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”

The discovery came after the AI upstart released version 2.1.88 of the Claude Code npm package, with users spotting that it contained a source map file that could be used to access Claude Code’s source code – comprising nearly 2,000 TypeScript files and more than 512,000 lines of code. The version is no longer available for download from npm.

Security researcher Chaofan Shou was the first to publicly flag it on X, stating “Claude code source code has been leaked via a map file in their npm registry!” The X post has since amassed more than 28.8 million views. The leaked codebase remains accessible via a public GitHub repository, where it has surpassed 84,000 stars and 82,000 forks.

A source code leak of this kind is significant, as it gives software developers and Anthropic’s competitors a blueprint for how the popular coding tool works. Users who have dug into the code have published details of its self-healing memory architecture to overcome the model’s fixed context window constraints, as well as other internal components.

These include a tools system to facilitate various capabilities like file read or bash execution, a query engine to handle LLM API calls and orchestration, multi-agent orchestration to spawn “sub-agents” or swarms to carry out complex tasks, and a bidirectional communication layer that connects IDE extensions to Claude Code CLI.

The leak has also shed light on a feature called KAIROS that allows Claude Code to operate as a persistent, background agent that can periodically fix errors or run tasks on its own without waiting for human input, and even send push notifications to users. Complementing this proactive mode is a new “dream” mode that will allow Claude to constantly think in the background to develop ideas and iterate existing ones.

Perhaps the most intriguing detail is the tool’s Undercover Mode for making “stealth” contributions to open-source repositories. “You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Your commit messages, PR titles, and PR bodies MUST NOT contain ANY Anthropic-internal information. Do not blow your cover,” reads the system prompt. 

Another fascinating finding involves Anthropic’s attempts to covertly fight model distillation attacks. The system has controls in place that inject fake tool definitions into API requests to poison training data if competitors attempt to scrape Claude Code’s outputs.

Typosquat npm Packages Pushed to Registry

With Claude Code’s internals now laid bare, the development risks provide bad actors with ammunition to bypass guardrails and trick the system into performing unintended actions, such as running malicious commands or exfiltrating data.

“Instead of brute-forcing jailbreaks and prompt injections, attackers can now study and fuzz exactly how data flows through Claude Code’s four-stage context management pipeline and craft payloads designed to survive compaction, effectively persisting a backdoor across an arbitrarily long session,” AI security company Straiker said.

The more pressing concern is the fallout from the Axios supply chain attack, as users who installed or updated Claude Code via npm on March 31, 2026, between 00:21 and 03:29 UTC may have pulled with it a trojanized version of the HTTP client that contains a cross-platform remote access trojan. Users are advised to immediately downgrade to a safe version and rotate all secrets.

What’s more, attackers are already capitalizing on the leak to typosquat internal npm package names in an attempt to target those who may be trying to compile the leaked Claude Code source code and stage dependency confusion attacks. The names of the packages, all published by a user named “pacifier136,” are listed below –

  • audio-capture-napi
  • color-diff-napi
  • image-processor-napi
  • modifiers-napi
  • url-handler-napi

“Right now they’re empty stubs (`module.exports = {}`), but that’s how these attacks work – squat the name, wait for downloads, then push a malicious update that hits everyone who installed it,” security researcher Clément Dumas said in a post on X.

The incident is the second major blunder for Anthropic within a week. Details about the company’s upcoming AI model, along with other internal data, were left accessible via the company’s content management system (CMS) last week. Anthropic subsequently acknowledged it’s been testing the model with early access customers, stating it’s “most capable we’ve built to date,” per Fortune.



Source link

The Hacker News

The Hacker News

Next Post
Post Office scandal supplier Fujitsu to cut nearly 10% of UK workforce | Computer Weekly

Post Office scandal supplier Fujitsu to cut nearly 10% of UK workforce | Computer Weekly

Recommended.

With RS, the future of discrete manufacturing is now

With RS, the future of discrete manufacturing is now

August 6, 2025
Maya and Duránd’s Superintelligence Human-Enhancement Technology Company, Labs, Raises  Million Series Seed II at a .5 Billion Valuation to Accelerate Yuhmmy App 2.0, YuhmmyAI and Yuhmmy AR/VR; Solely Led by JetDebt Finance

Maya and Duránd’s Superintelligence Human-Enhancement Technology Company, Labs, Raises $35 Million Series Seed II at a $12.5 Billion Valuation to Accelerate Yuhmmy App 2.0, YuhmmyAI and Yuhmmy AR/VR; Solely Led by JetDebt Finance

September 9, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio