Tags: npm

Anthropic confirmed that an employee error caused the Claude Code AI assistant source code to be exposed through a map file in its npm package. The leak included roughly 1,900 TypeScript files containing over 500,000 lines of code stored in a Cloudflare R2 bucket. Anthropic emphasized that no customer data or credentials were compromised and described the incident as a packaging mistake rather than a security breach. The company said it is implementing safeguards to prevent similar errors, while the leak was quickly mirrored on GitHub amid ongoing discussions about recent Claude vulnerabilities and high user demand. Ler mais

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Ler mais