📰 Leaked in 2026: How Did the Claude Code Source Code Leak from NPM? Anthropic's AI…
| Source: Mastodon | Original article
Anthropic’s Claude Code, the company’s flagship AI‑assisted coding assistant, was exposed this week when a source‑map file uploaded to the public NPM registry revealed the entire codebase. Researchers who scanned the registry for vulnerable packages spotted a `claude-code.map` file that linked minified JavaScript back to its original TypeScript sources, effectively publishing the proprietary implementation in plain text. Anthropic confirmed the breach, attributing it to a mis‑configured build pipeline that inadvertently published the map alongside the compiled package.
The leak matters far beyond a single repository. Claude Code powers a growing ecosystem of autonomous coding agents, including the recently announced Claude Code Agent Teams that let multiple AI instances collaborate on complex projects. With the internals now publicly viewable, competitors can dissect Anthropic’s prompting architecture, tool‑integration layers, and safety guards, potentially accelerating rival offerings. More immediately, the exposed source includes API keys and internal endpoints that could be weaponised to bypass usage limits—a concern echoed by earlier reports of Claude hitting its quota faster than expected (see our March 31 coverage of usage‑limit strain). Security‑focused developers also face the risk of supply‑chain attacks: malicious actors could replace the published package with a trojanized version, leveraging the trust that many CI pipelines place in NPM.
Anthropic has issued an emergency patch, removed the map file, and promised a full audit of its publishing workflow. The company will also roll out a signed‑artifact system to guarantee package integrity. Watch for a formal security advisory in the coming days, and for any signs of exploitation in the wild—particularly attempts to harvest the leaked endpoints. The incident also raises the question of whether other AI‑tool vendors have similar exposure; a broader audit of NPM‑hosted AI packages could become the next headline in the race to secure the rapidly expanding AI‑coding stack.
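A pre-publish check for the failure described above, a source map shipped alongside the compiled package, as an added example that is not Anthropic's code or part of the original article. The function names, finding labels and sample package layout are constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
// Trailing comments that bundlers emit to point a file at its source map.
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json\S*/;
const EXTERNAL_MAP = /\/\/[#@]\s*sourceMappingURL=(?!data:)\S+/;

// Recursively list files under dir as sorted relative paths.
function walk(dir, base = dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const full = path.join(dir, e.name);
    return e.isDirectory() ? walk(full, base) : [path.relative(base, full)];
  }).sort();
}

// One finding per file that would expose original sources if published.
function findSourceMapLeaks(pkgDir) {
  const findings = [];
  for (const rel of walk(pkgDir)) {
    const text = fs.readFileSync(path.join(pkgDir, rel), "utf8");
    if (rel.endsWith(".map")) {
      let map;
      try { map = JSON.parse(text); } catch { findings.push({ file: rel, issue: "unparseable-map" }); continue; }
      // sourcesContent carries the original files verbatim; sources only names them.
      const embedded = [].concat(map?.sourcesContent || []).some((s) => typeof s === "string" && s);
      const issue = embedded ? "map-with-embedded-sources" : "map-with-source-paths";
      findings.push({ file: rel, issue, sources: [].concat(map?.sources || []).length });
    } else if (/\.[cm]?js$/.test(rel)) {
      if (INLINE_MAP.test(text)) findings.push({ file: rel, issue: "inline-source-map" });
      else if (EXTERNAL_MAP.test(text)) findings.push({ file: rel, issue: "references-external-map" });
    }
  }
  return findings;
}

// Constructed sample: a minified bundle, the map a build left beside it, a clean file.
function buildSamplePackage() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "pkg-"));
  fs.mkdirSync(path.join(dir, "dist"));
  fs.writeFileSync(path.join(dir, "dist", "cli.js"), "console.log(1);\n//# sourceMappingURL=cli.js.map\n");
  fs.writeFileSync(path.join(dir, "dist", "cli.js.map"), JSON.stringify({
    version: 3, file: "cli.js", sources: ["../src/cli.ts"], mappings: "AAAA",
    sourcesContent: ["export const main = (): void => console.log(1);\n"],
  }));
  fs.writeFileSync(path.join(dir, "dist", "clean.js"), "console.log(2);\n");
  return dir;
}

// Demo on the constructed sample; a CI job would fail the publish when this list is non-empty.
console.log(findSourceMapLeaks(buildSamplePackage()));
```

Point it at the directory unpacked from the tarball that `npm pack` produces, so the check sees exactly the files that would be published.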