The Claude Code Leak: How a 500,000-Line npm Blunder Became a Golden Ticket for Hackers

The recent inadvertent exposure of the internal source code for one of the most prominent artificial intelligence instruments of our era has unexpectedly metamorphosed into a seductive lure for cyber-adversaries. A lapse in the publication of a package ignited a chain reaction—transitioning from the instantaneous dissemination of files to the emergence of malignant replicas specifically engineered to ensnare developers.

The catastrophe unfolded on March 31, 2026, when Anthropic erroneously included a source map file within a public npm package. Consequently, over half a million lines of TypeScript code pertaining to Claude Code—a terminal-based programming assistant—were exposed to the public. While user telemetry and model weights remained sequestered, the disclosure laid bare the internal architecture and operational intricacies of the product.

Following the revelation by specialist Chaofan Shou on social media, the archive metastasized across GitHub with startling celerity. Repositories containing the replicas were cloned and bifurcated on a massive scale, fostering an environment ripe for subversion. Marauders acted with alacrity, publishing fraudulent projects masquerading as the “leaked” iteration of Claude Code.

The Zscaler ThreatLabz vanguard unmasked one such offensive. A malignant repository, hosted by the user idbzoomh, ascended to the zenith of search results; the page promises an “unlocked” enterprise edition devoid of constraints, yet in lieu of source code, it offers an archive containing a Rust-based executable.

Upon execution, the program orchestrates the ingestion of the Vidar stealer, designed to exfiltrate credentials, alongside the GhostSocks component—a proxy utilized for the redirection of network traffic. This stratagem mirrors antecedent attacks involving counterfeit installers, where venomous modules were disseminated under the guise of utilitarian software.

The perils extend beyond mere social engineering. The leaked code enshrines details regarding orchestration mechanisms, memory architectures, command execution strata, and clandestine configurations. Since Claude Code possesses the faculty to interface with local shells and autonomously execute scripts, the availability of its comprehensive source code empowers adversaries to devise precise, surreptitious offensives. Enticing a developer to open a venomous project or clone a suspect repository suffices to grant an interloper sovereign access to the system.

Specialists exhort organizations to immediately fortify their developmental environments. Developers are counseled to disregard any unofficial conduits offering “leaked” code and to utilize exclusively verified builds. Supplementary protection is afforded by network segmentation and the adoption of a Zero Trust paradigm. Furthermore, the surveillance of outbound connections and the rigorous auditing of local npm packages remain vital measures in the timely identification of a compromised state.
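
The lapse described above, a source map shipped inside a published npm package, can be checked for before publishing. The following is an added example, not code from the article, Anthropic or Zscaler: it flags standalone and inline source maps in a package's file set and counts how many original files each embeds through the Source Map v3 `sourcesContent` field. The function names and the sample package contents are constructed for illustration, and the article does not state whether the leaked map embedded its sources this way.

```javascript
// Read every file under dir into [relativePath, text] pairs, e.g. the unpacked
// output of `npm pack`. Helper names are illustrative; files are read whole.
function readPackageDir(dir, prefix = '') {
  const fs = require('fs'), path = require('path');
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const rel = path.posix.join(prefix, e.name);
    return e.isDirectory()
      ? readPackageDir(path.join(dir, e.name), rel)
      : [[rel, fs.readFileSync(path.join(dir, e.name), 'utf8')]];
  });
}

// One finding per source map: a standalone .map file or an inline data: URI.
function auditSourceMaps(entries) {
  const findings = [];
  const inspect = (file, kind, json) => {
    let map;
    try { map = JSON.parse(json); } catch {
      return void findings.push({ file, kind, error: 'unparseable map' });
    }
    const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
    findings.push({
      file, kind,
      sources: Array.isArray(map.sources) ? map.sources.length : 0,
      // Each string in sourcesContent is a full original file shipped verbatim.
      embeddedSources: contents.filter((c) => typeof c === 'string').length,
    });
  };
  const inline = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;
  for (const [file, text] of entries) {
    if (file.endsWith('.map')) inspect(file, 'file', text);
    const m = /\.[cm]?js$/.test(file) ? inline.exec(text) : null;
    if (m) inspect(file, 'inline', Buffer.from(m[1], 'base64').toString('utf8'));
  }
  return findings;
}

// Constructed sample package contents (not files from any real package).
const sampleMap = JSON.stringify({
  version: 3, file: 'cli.js', sources: ['../src/cli.ts', '../src/util.ts'],
  sourcesContent: ['export const main = () => {};', null], mappings: 'AAAA',
});
const samplePackage = [
  ['dist/cli.js', 'main();\n//# sourceMappingURL=cli.js.map\n'],
  ['dist/cli.js.map', sampleMap],
  ['dist/inline.js', 'x();\n//# sourceMappingURL=data:application/json;base64,' +
    Buffer.from(sampleMap).toString('base64') + '\n'],
];
console.log(auditSourceMaps(samplePackage)); // a CI gate fails on any finding
```

Feeding `auditSourceMaps` the result of `readPackageDir` on an unpacked `npm pack` tarball makes the check see exactly the files that would be published.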
