Claude Code source leaks via npm map

// 57d agoSECURITY INCIDENT

Claude Code source leaks via npm map

A `.map` file exposed in Anthropic’s npm package appears to have exposed the Claude Code CLI source, triggering a wave of security discussion. The incident looks like a packaging mistake rather than a model leak, but it still hands outsiders a readable view into the tool’s internals.

// ANALYSIS

This is more embarrassing than catastrophic: source maps can reconstruct minified JavaScript/TypeScript, but they do not expose Claude model weights or Anthropic’s backend by themselves.

–Claude Code is a local CLI client, so the biggest exposure is implementation detail: prompts, permission logic, command flow, and integrations.
–Security researchers now get a much easier audit surface for bugs and guardrail weaknesses, which is useful, but so do copycats and attackers.
–For developers, this is a reminder that npm publishing hygiene matters; a stray sourcemap can undo most of the obscurity in a shipped bundle.
–The incident may accelerate forks, reverse-engineering, and comparisons with other AI coding CLIs, especially among users already sensitive to trust and provenance.

// TAGS

claude-codeai-codingclidevtoolagentsafety

DISCOVERED

57d ago

2026-03-31

PUBLISHED

57d ago

2026-03-31

RELEVANCE

8/ 10

AUTHOR

WhyLifeIs4

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

OPEN SOURCE44m ago

Plannotator 0.19.24 adds Amp support and configurable storage

Plannotator 0.19.24 is a substantial release that expands the tool beyond Claude Code with native Amp support, adds a `PLANNOTATOR_DATA_DIR` override so users can move the default `~/.plannotator` data directory, introduces Auto Mode in the permission selector for newer Claude Code versions, and fixes a Pi approval crash after plan acceptance. The update folds multiple stacked PRs into one release and pushes the project further toward a multi-agent review layer rather than a single-agent hook utility.

UPDATE1h ago

Grok Build widens access, adds subagents

xAI’s Grok Build is an early-beta terminal coding agent with plan-review-approve flows, parallel subagents, worktree isolation, and support for plugins, hooks, skills, and MCP. The latest improvements make it feel less like a demo and more like xAI’s bid to compete seriously in the AI coding CLI race.

MODEL1h ago

Krea 2 lands on Replicate

Krea 2 is now available on Replicate, giving developers access to Krea's style-first image model outside the Krea app. It emphasizes aesthetic diversity, style control, and reference-driven creative workflows.