The leak of Anthropic’s Claude AI source code has seemingly taken an ugly turn. 

Developers rushing to compile the leaked materials are now being targeted by what looks like a supply chain attack on npm.

Two internal package names — color-diff-napi and modifiers-napi — were registered today by an account using a disposable email address.

Security researcher Clément Dumas highlighted the issue in a detailed thread on X. According to him, both packages were published under the username pacifier136 using a slmails.com throwaway account.


For now, they’re just empty stubs that export a basic module. But that’s exactly how these attacks often start. Someone squats on internal package names that never existed publicly, waits for people to pull them in while trying to build the leaked code, and then pushes malicious updates later.

The real Anthropic modules were never on the public npm registry. Anyone trying to compile the leaked Claude code might hit missing dependency errors and reach for npm install without thinking twice.

Dumas pointed developers toward safe local stubs instead, linking to a GitHub repo that has working placeholders for these packages. He also reached out directly to npmjs, asking them to take down the suspicious packages before anything escalates.


We’ve been following this story closely. The Claude source code first surfaced publicly yesterday after a source map file exposed hundreds of thousands of lines of TypeScript. Anthropic acted quickly by issuing DMCA takedown requests for GitHub repositories hosting the material.

That said, the speed of this npm squatting is interesting. The leak is barely a day or two old in its wider circulation, and opportunists are already moving in.

Some people responding to Dumas’ thread mentioned they’re tightening up their own build security habits after seeing how pervasive these attacks have become. One suggested always pulling from verified forks rather than trying to compile fresh from social media threads.

Someone also shared some practical global config tweaks that many developers are now recommending to block freshly published packages. These include setting exclude-newer = "7 days" in uv.toml, min-release-age=7 plus ignore-scripts=true in ~/.npmrc, and the equivalent minimumReleaseAge in Bun's config.

As far as I can tell, the idea is that these settings give the community time to spot problems before newly published packages reach your machine.
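To make the two defences above concrete, here is an added example (not code from the article, from Anthropic, or from npm) of a pre-install audit run over a package.json. It treats known internal-only names as "never fetch from the registry", skips any version younger than a minimum release age in the way min-release-age does (falling back to an older version where one exists), and flags names that were only registered within that window. The manifest, the registry documents and the package name well-established-lib are all constructed for the demo; the clock is pinned so the result is reproducible.

```javascript
// Added example, not code from the article, from Anthropic, or from npm: a
// pre-install audit that applies the two defences discussed above to a
// package.json before anything is fetched.
//   1. Package names known to be internal-only (never published to the public
//      registry) must resolve to local stubs; any registry copy is suspect.
//   2. A minimum release age (the idea behind npm's min-release-age) skips
//      versions published less than N days ago, picking an older version, and
//      flags names that were only registered within that window.
// Registry data is modelled as plain objects in the shape of the npm registry's
// "time" and "dist-tags" fields. All sample data below is constructed.

const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample manifest resembling what a leaked build might reference.
// 'well-established-lib' is a hypothetical name standing in for any
// long-published dependency.
const samplePackageJson = {
  name: 'leaked-build',
  dependencies: {
    'color-diff-napi': '^1.0.0',
    'modifiers-napi': '^1.0.0',
    'well-established-lib': '^4.2.0',
  },
};

// Constructed sample registry documents keyed by package name. "time" maps
// "created" and each version to its publish timestamp; values are fictional.
const sampleRegistry = {
  'color-diff-napi': {
    'dist-tags': { latest: '1.0.0' },
    time: { created: '2026-04-01T10:00:00.000Z', '1.0.0': '2026-04-01T10:00:00.000Z' },
  },
  'modifiers-napi': {
    'dist-tags': { latest: '1.0.0' },
    time: { created: '2026-04-01T10:05:00.000Z', '1.0.0': '2026-04-01T10:05:00.000Z' },
  },
  'well-established-lib': {
    'dist-tags': { latest: '4.2.1' },
    time: {
      created: '2019-03-12T00:00:00.000Z',
      '4.2.0': '2025-11-02T00:00:00.000Z',
      '4.2.1': '2026-03-30T00:00:00.000Z',
    },
  },
};

// Names the build must never take from the public registry. In practice this
// list comes from the project's own knowledge of its private modules.
const internalOnlyNames = new Set(['color-diff-napi', 'modifiers-napi']);

function ageInDays(isoTimestamp, nowMs) {
  return (nowMs - Date.parse(isoTimestamp)) / DAY_MS;
}

// Newest version (by publish time, a simplification that ignores semver ranges)
// that is at least minAgeDays old, or null if every version is too young.
function selectMatureVersion(doc, minAgeDays, nowMs) {
  const candidates = Object.entries(doc.time)
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .filter(([, ts]) => ageInDays(ts, nowMs) >= minAgeDays)
    .sort((a, b) => Date.parse(b[1]) - Date.parse(a[1]));
  return candidates.length ? candidates[0][0] : null;
}

function auditDependencies(pkg, registry, { internalOnly, minReleaseAgeDays, nowMs }) {
  const resolved = {};
  const findings = [];
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (internalOnly.has(name)) {
      findings.push({ name, reason: 'internal-only name: use a local stub, never the registry' });
      continue;
    }
    const doc = registry[name];
    if (!doc) {
      findings.push({ name, reason: 'not found on registry' });
      continue;
    }
    const nameAge = ageInDays(doc.time.created, nowMs);
    if (nameAge < minReleaseAgeDays) {
      findings.push({ name, reason: `name registered only ${nameAge.toFixed(1)} days ago` });
      continue;
    }
    const version = selectMatureVersion(doc, minReleaseAgeDays, nowMs);
    if (version === null) {
      findings.push({ name, reason: `no version older than ${minReleaseAgeDays} days` });
    } else {
      resolved[name] = version;
    }
  }
  return { resolved, findings };
}

// Demo run pinned to a fixed clock so the result is reproducible.
const demoNowMs = Date.parse('2026-04-02T12:00:00.000Z');
const demoResult = auditDependencies(samplePackageJson, sampleRegistry, {
  internalOnly: internalOnlyNames,
  minReleaseAgeDays: 7,
  nowMs: demoNowMs,
});
console.log(JSON.stringify(demoResult, null, 2));
```

With the sample data, the two squatted names are reported as internal-only and never resolved, while well-established-lib resolves to 4.2.0 because 4.2.1 is only a few days old. Remove the names from the internal-only set and the same two packages are still caught, this time because their registry entries were created inside the seven-day window.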

For now, the best thing to do is to steer clear of those two packages and use local replacements if your build is looking for them.



Dwayne Cubbins