What caused the Claude Code source leak?

Packaging error in npm version 2.1.88 bundled source maps—human slip, per Anthropic. Code's public on GitHub now.

Are there malicious packages from the leak?

Yes—typosquats like audio-capture-napi by pacifier136. Empty now, but update risk high. Check your deps.

Should I stop using Claude Code?

Audit first: downgrade if on bad version, rotate secrets. Core tool's solid, but watch supply chain.

Claude Code Leak Hands Rivals AI's Secret Sauce

Anthropic's Claude Code internals just spilled onto GitHub via a sloppy npm release. Competitors now have a roadmap to its self-healing agents and stealth features.

Threat Digest Apr 03, 2026 4 min read 29 views

GitHub repository of leaked Claude Code source with thousands of stars and forks

⚡ Key Takeaways

Leak exposes Claude Code's agentic features like KAIROS and Undercover Mode, handing rivals a blueprint. 𝕏
Typosquatting attacks on internal npm names are live—downgrade and scan immediately. 𝕏
Anthropic's back-to-back slips signal scaling pains; expect open-source clones to fragment market. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#AI agent architecture #AI source code exposure #Anthropic security #Claude Code leak #npm supply chain attack #npm typosquatting

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Claude Code's Epic Leak Turns GitHub into a Malware Minefield

Axios NPM Breach: North Korea's Precision Strike on JS Devs

ChatGPT's Silent Data Leak, Android Rootkits Infect Millions, Ransomware Hits Water Plants: The Real Cyber Peril

Google Cloud Authenticator: The Cloud Brain Powering Your Passwordless Future — And Its Sneaky Vulnerabilities

Stay in the loop