Hacker News Recap March 31st, 2026 | Claude Code's source code has been leaked via a map file in their NPM registry
Apr 1, 2026
A rundown of a major source code leak from a misconfigured map file in an NPM package. Coverage of malicious Axios releases on NPM that bundled a remote access trojan. Discussion of big layoffs at a major cloud vendor and worries about Artemis II flight safety. Notes on GitHub pulling Copilot pull-request ads and a tool to trim large model outputs for cheaper tokens.
AI Snips
Chapters
Transcript
Episode notes
Map File Leak Exposes Proprietary Cloud Code Internals
- Cloud Code's NPM map file leak exposed proprietary implementation details and debugging mappings.
- The leak reveals internal algorithms and raises risk of competitors replicating Claude Code's features and undermining its competitive edge.
Audit NPM Dependencies Regularly
- Audit third-party NPM dependencies and avoid blindly trusting popular packages.
- The compromised Axios versions bundled a remote access Trojan, showing supply-chain risk in widely used libraries.
Leaked Code Reveals Undercover Mode And Detection Logic
- The leaked Claude Code source shows features like 'undercover mode' and rejection regexes for vulnerability detection.
- Seeing these internals clarifies how the tool analyzes code without altering files and flags patterns in real time.