Claude Code 源代码意外泄露于 NPM 包中
📄 中文摘要
Anthropic 最近发生了一起重大事件,其闭源工具 Claude Code 的源代码意外泄露。此事件发生在版本 2.1.88 发布到 NPM 时,包含一个大型源映射文件(cli.js.map),其中嵌入了源代码内容。这使得研究人员能够重构大约 1,900 个文件和 500,000 行代码,揭示了内部细节和即将推出的功能,如“主动模式”和“梦境模式”。虽然 Anthropic 已澄清此次事件是由于发布打包错误而非安全漏洞,并且没有客户数据被泄露,但公司正在积极发出 DMCA 通知以减少代码传播。此外,Anthropic 还在调查 Claude Code 中的一个独立“使用错误”。
📄 English Summary
Claude Code source code accidentally leaked in NPM package
Anthropic recently faced a significant incident involving the accidental leak of the source code for its closed-source tool, Claude Code. This exposure occurred when version 2.1.88 was published to NPM, containing a large source map file (cli.js.map) with embedded source content. Researchers were able to reconstruct approximately 1,900 files and 500,000 lines of code, revealing internal details and upcoming features such as 'Proactive mode' and 'Dream mode.' While Anthropic clarified that the incident resulted from a release packaging error rather than a security breach and that no customer data was exposed, the company is actively issuing DMCA notices to mitigate the spread of the code. Additionally, Anthropic is investigating a separate 'usage bug' in Claude Code.
Powered by Cloudflare Workers + Payload CMS + Claude 3.5
数据源: OpenAI, Google AI, DeepMind, AWS ML Blog, HuggingFace 等