IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...
The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...
The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Claude Code, Anthropic’s top AI agent, just suffered a major source code leak. Version 2.1.88 exposed 512,000 lines of ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...