On March 31, Anthropic, the AI company behind the Claude models, faced a significant security breach when the complete source code of its AI coding tool, Claude Code, was leaked. Security researcher Chaofan Shou discovered the leak, which resulted from a packaging error within the npm package. A 60MB source-map file (cli.js.map) inadvertently exposed the entire TypeScript codebase, allowing anyone to access 1,906 proprietary source files that included key components like API design and telemetry systems.
Despite previous incidents where an earlier version of Claude Code was exposed in a similar fashion, the company failed to prevent this recurrence. The incomplete release of the source map not only risked proprietary information but also quickly led to the codebase being archived on a public GitHub repository, garnering over 1,100 stars within hours. While no user data was compromised, the leak poses serious concerns about internal architecture security.
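A pre-publish check for the failure mode described above, as an added example that is not from the original article or from Anthropic: it flags source maps in a package's file list and reports whether they embed original sources through the Source Map v3 sourcesContent field. The file contents are constructed, and auditPackageFiles and shouldBlockPublish are hypothetical names.

```javascript
// Added example: audit the files about to be published for source maps.
// Sample contents are constructed; function names are hypothetical.

// Inspect each { path, text } entry and return one finding per problem.
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    if (path.endsWith('.map')) {
      let map;
      try {
        map = JSON.parse(text);
      } catch {
        // Cannot prove it is harmless, so report it.
        findings.push({ path, issue: 'unparseable-map', embedded: 0 });
        continue;
      }
      // Source Map v3: sourcesContent holds the original file bodies.
      const bodies = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
      const embedded = bodies.filter((s) => typeof s === 'string' && s.length > 0).length;
      findings.push({ path, issue: embedded > 0 ? 'map-embeds-sources' : 'map-present', embedded });
    } else if (/\.[cm]?js$/.test(path)) {
      // Bundles point at their map with a trailing sourceMappingURL comment.
      const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
      if (ref) {
        const issue = ref[1].startsWith('data:') ? 'inline-map' : 'map-reference';
        findings.push({ path, issue, embedded: 0 });
      }
    }
  }
  return findings;
}

// Block when original sources could ship; a bare reference is only a warning.
function shouldBlockPublish(findings) {
  const blocking = ['map-embeds-sources', 'inline-map', 'unparseable-map'];
  return findings.some((f) => blocking.includes(f.issue));
}

// Constructed package contents mirroring the case above (cli.js + cli.js.map).
const sampleFiles = [
  { path: 'package/cli.js', text: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'package/cli.js.map', text: JSON.stringify({
      version: 3, sources: ['../src/main.ts', '../src/telemetry.ts'],
      sourcesContent: ['export const a = 1;', null], mappings: '' }) },
  { path: 'package/README.md', text: '# readme' },
];
console.log(auditPackageFiles(sampleFiles));
```

The file list for a real package can be taken from npm pack --dry-run --json, and a files allowlist in package.json keeps maps out of the tarball in the first place.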
