Anthropic inadvertently disclosed critical details about its AI tool, Claude Code, through a publicly accessible JavaScript source map file. The incident occurred with version 2.1.88 of the @anthropic-ai/claude-code package on npm, revealing a 512,000-line TypeScript codebase. The leak attracted significant attention after an intern highlighted the discovery on X, leading to widespread analysis by developers. Key findings included a “Self-Healing Memory” system designed to enhance context management in AI, utilizing pointers to efficiently retrieve data without overloading memory. Features like KAIROS allow Claude Code to function as a background agent, while “Undercover Mode” ensures anonymous contributions to projects. The leak poses significant security risks, with potential threats emerging from exploit opportunities. Anthropic has urged users to switch to its native installer, avoid the compromised version, and adopt a zero-trust approach to system security. This incident jeopardizes valuable intellectual property amidst the company’s reported $19 billion annualized revenue run-rate.
Source link
