avallachMar 31
Tillmann Werner

Two scenarios possibly resulting from today's Claude Code source code leak¹:

1. Attackers study the built-in permission system to figure out how to bypass it. Claude Code is the target here. It is strange that the software requesting permission is the same that enforces security boundaries, anyway.

2. Attackers distribute custom builds that
do nasty stuff like stealing API keys, running commands, backdooring code. Here, a specially crafted Claude Code is the attack vector.

¹: https://x.com/Fried_rice/status/2038894956459290963

Chaofan Shou (@Fried_rice) on X

Claude code source code has been leaked via a map file in their npm registry! Code: https://t.co/jBiMoOzt8G

X (formerly Twitter)
Mar 31 at 3:57pmWeb
Show threadPhilipMar 31
@tillmannwerner people calling this a "source code leak" when the application shipped said source code in minified (not even obfuscated) form for a long time 🙃
Show threadTillmann WernerMar 31
@oilheap https://github.com/anthropics/claude-code/pull/41447 😆
feat: open source claude code ✨ by gameroman · Pull Request #41447 · anthropics/claude-code

Closes #59 Closes #456 Closes #2846 Closes #22002

GitHub