{"data":{"id":"c636e69a-5fd4-4500-9c25-c3d364d4ccf1","title":"Anthropic employee error exposes Claude Code source","summary":"An Anthropic employee accidentally exposed the source code for Claude Code (an AI programming tool) by leaving a source map file (.map file, a debugging file that translates minified code back to human-readable form) in a package published on npm (a registry where developers share code). This is a security risk because hackers can use source maps to understand how the code works, find vulnerabilities, and potentially steal secrets like API keys that might be hidden in the code.","solution":"According to secure coding trainer Tanya Janca, developers should: (1) disable source maps in the build/bundler tool; (2) add the .map files to the .npmignore or package.json files field to explicitly exclude them, even if generated during the build by accident; and (3) exclude them from production. Anthropic stated they are 'rolling out measures to prevent this from happening again,' though specific details are not provided in the source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4152830/anthropic-employee-error-exposes-claude-code-source-2.html","publishedAt":"2026-04-01T02:15:55.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-01T02:15:55.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}