"The leak actually resulted from a reference to an unobfuscated TypeScript source in the map file included in Claude Code's npm package, which pointed to a zip archive hosted on Anthropic's Cloudflare R2 storage bucket."
"Contained in the zip archive is a wealth of info: some 1,900 TypeScript files consisting of more than 512,000 lines of code, full libraries of slash commands and built-in tools."
"While this exposure gives us a look at a fresh iteration of Claude Code straight from the leaky bucket, it's not blowing the lid off of something that was a secret until now."
"Far more interesting is the fact that someone at Anthropic made a significant error that led to this exposure, raising questions about security practices."
The npm package for Claude Code inadvertently revealed its entire source code when a mapping file included a reference to unobfuscated TypeScript files. Security researcher Chaofan Shou discovered the exposure, leading to the source code being backed up on GitHub and widely disseminated. The leak contained approximately 1,900 TypeScript files and over 512,000 lines of code. While this exposure provides new insights, Claude Code has been previously reverse engineered, and the leak serves as a comparison point for existing projects.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]