Overview
- Anthropic said a Tuesday npm release accidentally exposed about 512,000 lines of Claude Code via a source‑map file.
- Zscaler reported GitHub projects posing as a “Leaked Claude Code” download that install Vidar info‑stealer and GhostSocks when run.
- Adversa AI disclosed a permission‑enforcement bug in Claude Code where a 50‑subcommand cap skips deny rules, creating a path to steal developer keys and tokens.
- GitHub initially removed more than 8,000 forks under Anthropic’s DMCA request, then restored unrelated repos after the company narrowed the notice to specific URLs.
- Developers have been rewriting the leaked instructions into Python to dodge takedowns, which keeps mirrors alive despite Anthropic’s controls and reassurances that no model weights or customer data were exposed.