Overview
- - An npm release accidentally included a source‑map file that let outsiders rebuild the Claude Code frontend, leading to uploads of about 513,000 lines of code.
- - To stop the spread, Anthropic filed DMCA notices that swept up roughly 8,100 repositories because GitHub treats linked forks as a single network during takedowns.
- - Claude Code lead Boris Cherny acknowledged the mistake, most notices were withdrawn, and GitHub restored access, with one repository and 96 forks still targeted.
- - Anthropic released Claude Code version 2.1.90 that removes the source‑map and adds safeguards such as blocking default access to the local DNS cache and tightening PowerShell execution.
- - Security researchers report fake GitHub projects posing as “leaked” builds that install the Vidar information‑stealer and GhostSocks proxies, putting developers seeking the code at risk.