AI/ML

Claude Code source code inadvertently leaked

(Adobe Stock)

Anthropic, the firm behind Claude Code, has accidentally included an unobfuscated TypeScript source in the AI coding tool's npm package, exposing over 500,000 lines of code, built-in tools, and full slash command libraries, reports The Register.

According to Chaofan Shou, a researcher who discovered the leak, the map file contained a reference to a Cloudflare R2 storage bucket-hosted zip archive. Antrophic confirmed the exposure, clarifying that it was due to human error and not a security breach. Preventive measures are reportedly being implemented.

"A single misconfigured .npmignore or files field in package.json can expose everything," wrote software engineer Gabriel Anhaia in his analysis of the leak. The exposed source code has been uploaded to a GitHub repository and has been forked at least 41,500 times. The original uploader on GitHub modified his repository to show a Python feature version instead of the publicly leaked source due to potential legal responsibility concerns.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds