[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-claude-code-leak-reveals-hidden-features-en":3,"tags-claude-code-leak-reveals-hidden-features-en":30,"related-lang-claude-code-leak-reveals-hidden-features-en":40,"related-posts-claude-code-leak-reveals-hidden-features-en":44,"series-tools-07968cc8-f216-4938-9e22-1b7f92ae3311":81},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":18,"translated_content":10,"views":19,"is_premium":20,"created_at":21,"updated_at":21,"cover_image":11,"published_at":22,"rewrite_status":23,"rewrite_error":10,"rewritten_from_id":24,"slug":25,"category":26,"related_article_id":27,"status":28,"google_indexed_at":29,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":10,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":20},"07968cc8-f216-4938-9e22-1b7f92ae3311","Claude Code泄露后，代码库露出什么","\u003Cp>7小时，51万行代码，1906个源文件。\u003Ca href=\"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@anthropic-ai\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code\u003C\u002Fa> 的一次发布失误，把这些内容直接摊在了公开视野里。更离谱的是，这次泄露暴露的不是几段前端脚本，而是一整套本地 CLI 的内部实现、未发布功能和安全流程。\u003C\u002Fp>\u003Cp>这类事故之所以让开发者格外敏感，是因为 \u003Ca href=\"\u002Fnews\u002Fopenai-plugin-claude-code-workflow-cuts-four-steps-en\">Claude Code\u003C\u002Fa> 不是普通网页应用。它跑在用户机器上，最值钱的交互逻辑、权限判断、任务编排，很多都在客户端里完成。源码一旦可读，竞争对手看到的就不是“界面长什么样”，而是“它怎么想、怎么做、怎么控风险”。\u003C\u002Fp>\u003Ch2>一次 source map 失误，后果有多大\u003C\u002Fh2>\u003Cp>这次外泄的导火索，是一个约60MB的 source map 文件被打进了 npm 发布包。source map 本来用于调试，把压缩后的代码映射回原始源码；它不该跟正式版本一起分发。可一旦它出现在包里，原本难读的构建产物就能被还原成接近原始工程的结构。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775179135628-e89m.png\" alt=\"Claude Code泄露后，代码库露出什么\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>对 Web 前端来说，这通常意味着样式、交互和部分业务逻辑被看见；对 \u003Ca href=\"https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Anthropic Claude Code\u003C\u002Fa> 这种本地编程工具来说，情况严重得多。因为它的大量能力都在客户端侧完成，尤其是命令执行、文件读写、上下文压缩、会话管理这类模块，几乎就是产品本体。\u003C\u002Fp>\u003Cul>\u003Cli>泄露规模：约51万行代码\u003C\u002Fli>\u003Cli>源文件数量：1906个\u003C\u002Fli>\u003Cli>泄露文件体积：约60MB source map\u003C\u002Fli>\u003Cli>社区备份库短时间内获得2万+星标\u003C\u002Fli>\u003C\u002Ful>\u003Cp>从开发者角度看，这件事最值得复盘的不是“谁先把仓库镜像走了”，而是为什么一个调试文件能直接把产品内部结构掀开。答案很简单：发布流程里多了一层不该存在的构建产物，安全边界就被自己打穿了。\u003C\u002Fp>\u003Ch2>隐藏功能比想象中多\u003C\u002Fh2>\u003Cp>代码一公开，社区就开始做静态分析和仓库镜像。有人专门搭了 \u003Ca href=\"http:\u002F\u002Fccleaks.com\" target=\"_blank\" rel=\"noopener\">ccleaks.com\u003C\u002Fa> 来整理发现，陆续挖出35个编译时特性标志、120多个隐藏环境变量、200多个远程控制开关。里面最吸睛的，不是某个小修小补，而是一批看起来已经接近产品化的新模块。\u003C\u002Fp>\u003Cp>其中一个最有传播度的功能叫 Buddy。它是一个终端里的电子宠物系统，走的是 Tamagotchi 风格，能在命令行里显示不同物种的 ASCII 形象。代码里写了18种物种、6种稀有度，普通款占60%，传奇款只有1%。每个用户的宠物还会根据账户 ID 唯一生成，听上去像是为终端用户准备的轻量陪伴功能。\u003C\u002Fp>\u003Cblockquote>“A release is only as good as its last automated test.” — Kent Beck\u003C\u002Fblockquote>\u003Cp>这句话出自 Kent Beck，虽然他说的不是这次事故，但很贴切：当发布流程里有一个环节没被测试覆盖，后果往往不是一个小 bug，而是一整包不该公开的内容。Claude Code 的泄露正好说明，构建产物检查和发布前扫描不能只靠人眼。\u003C\u002Fp>\u003Cp>除了 Buddy，代码里还出现了几个更偏生产力方向的模块。它们大多还没完整上线，但轮廓已经很清楚：\u003C\u002Fp>\u003Cul>\u003Cli>Kairos：持久化助手模式，目标是跨会话长期记忆\u003C\u002Fli>\u003Cli>Ultraplan：基于更强模型做最长30分钟的深度任务规划\u003C\u002Fli>\u003Cli>多 Agent 协调：同时跑多个独立实例处理并行任务\u003C\u002Fli>\u003Cli>跨会话通信：多个 Claude 会话之间可以互发消息\u003C\u002Fli>\u003Cli>守护进程模式：让会话管理器像系统服务一样后台运行\u003C\u002Fli>\u003C\u002Ful>\u003Cp>这些功能说明 Claude Code 的路线很明确：它不想只做一个“会写命令的聊天窗口”，而是想把会话、记忆、规划和并行执行揉成一个本地工作台。问题在于，路线图被提前摊开之后，外界也能更快判断它到底在往哪走。\u003C\u002Fp>\u003Ch2>安全架构很硬，代码质量却不均匀\u003C\u002Fh2>\u003Cp>如果只看安全设计，Claude Code 的内部工程确实有不少可取之处。每次工具调用都要先过六级权限验证，再进入四层决策管道做进一步检查。外部命令和插件还被放进独立沙箱里运行，输入输出也走了单独的非阻塞缓冲区，避免主会话被卡住。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775179131207-wvz4.png\" alt=\"Claude Code泄露后，代码库露出什么\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>更细一点看，它还会在上下文变长时自动压缩内容，把关键逻辑链条尽量保留下来。这个设计很像一套面向高频交互的本地代理系统：既要快，又要控风险，还要能在长会话里维持足够的状态感。单从架构图推测，团队对“AI 工具如何安全地碰系统”这件事想得不少。\u003C\u002Fp>\u003Cp>但源码泄露的价值，恰恰在于它会把优点和缺点一起照亮。社区翻到 \u003Ccode>src\u002Fcli\u002Fprint.ts\u003C\u002Fcode> 时，发现一个函数写了3000多行，嵌套层数达到12层，复杂度高得有点夸张。再往下看，情绪检测甚至没有上模型，而是直接用正则去匹配诸如 ffs、shitty 之类的词。\u003C\u002Fp>\u003Cul>\u003Cli>工具调用前要经过6级权限验证\u003C\u002Fli>\u003Cli>执行前还有4层决策管道\u003C\u002Fli>\u003Cli>外部命令和插件在独立沙箱中运行\u003C\u002Fli>\u003Cli>上下文超阈值后会自动压缩\u003C\u002Fli>\u003Cli>单个函数长度超过3000行，嵌套12层\u003C\u002Fli>\u003C\u002Ful>\u003Cp>这组对比很有意思：一边是严肃的安全层和执行隔离，一边是让人皱眉的超长函数和朴素文本匹配。它说明大型 AI 工具的真实代码库，往往不是“全都优雅”或“全都混乱”，而是高标准和历史包袱混在一起。\u003C\u002Fp>\u003Ch2>Anthropic的安全叙事，被自己人打断了\u003C\u002Fh2>\u003Cp>这次泄露并不是孤例。就在几天前，\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002F\" target=\"_blank\" rel=\"noopener\">Anthropic\u003C\u002Fa> 还因为第三方 CMS 配置错误，导致近3000个内部资产被公开访问。那次事件里，外界看到了代号 \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fclaude-4\" target=\"_blank\" rel=\"noopener\">Claude Mythos\u003C\u002Fa> 的未发布模型相关材料，内部文件还把它描述成能力上的一次大幅跃升。\u003C\u002Fp>\u003Cp>再往前看，Claude Code 在2025年2月首发时就已经出过一次 source map 泄露。也就是说，同类错误不是第一次发生，而是反复发生。对一家把 AI 安全写进公司叙事的企业来说，这种重复比单次事故更伤，因为它暴露的是流程问题，不只是技术失手。\u003C\u002Fp>\u003Cp>下面这组数字，把问题说得更直白：\u003C\u002Fp>\u003Cul>\u003Cli>3月26日：约3000个内部资产因 CMS 配置错误暴露\u003C\u002Fli>\u003Cli>几天后：Claude Code 发布包再度泄露 source map\u003C\u002Fli>\u003Cli>2月首发时：同类问题已经出现过一次\u003C\u002Fli>\u003Cli>本次外泄：1906个源文件、51万行代码可读\u003C\u002Fli>\u003C\u002Ful>\u003Cp>有人会说，模型权重、训练数据和用户数据都没有泄露，真正的核心没丢。这话有道理，但也只说对了一半。对于一款本地 CLI 工具，产品逻辑、发布节奏、隐藏开关和安全策略本身就是竞争资产。别人拿到这些信息，已经足够复刻一个相当接近的版本。\u003C\u002Fp>\u003Ch2>这次泄露真正说明了什么\u003C\u002Fh2>\u003Cp>Claude Code 的这次事故，不只是一次“包里多塞了个文件”的低级失误。它还说明，AI 工具一旦把更多能力放到本地，发布链路就会变得更脆弱：一个构建配置、一次打包疏忽、一个没删干净的调试产物，都可能把内部实现完整送出去。\u003C\u002Fp>\u003Cp>更现实的判断是，接下来大家会更频繁地看到类似问题。原因很简单：AI Agent 已经开始参与写代码、跑测试、生成提交、管理发布流程，自动化程度越高，错误也越容易被批量放大。真正值得关注的，不是某家公司这次丢了多少行代码，而是它能不能把“不要把 source map 打进正式包”这种事情变成硬规则。\u003C\u002Fp>\u003Cp>如果 Anthropic 想把这次事故变成一次有效修正，最该做的不是解释得更漂亮，而是把发布检查、产物扫描和权限审计做成不可绕过的门槛。否则下次被扒出来的，可能就不只是隐藏指令和电子宠物，而是更敏感的产品策略和执行细节。\u003C\u002Fp>","Claude Code源码意外外泄后，社区挖出51万行代码、26个隐藏指令和6级安全验证，细节很扎眼。","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2022446438307624517",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775179135628-e89m.png",[13,14,15,16,17],"Claude Code","Anthropic","source map","AI安全","源码泄露","en",0,false,"2026-04-03T01:18:34.353501+00:00","2026-04-03T01:18:34.333+00:00","done","e729111c-d509-4176-acca-2b8af8cc9ca0","claude-code-leak-reveals-hidden-features-en","tools","3c91a0d0-0ada-4e8b-8140-3c2c75cc84b6","published","2026-04-07T07:41:13.34+00:00",[31,33,35,37,39],{"name":16,"slug":32},"ai安全",{"name":13,"slug":34},"claude-code",{"name":14,"slug":36},"anthropic",{"name":15,"slug":38},"source-map",{"name":17,"slug":17},{"id":27,"slug":41,"title":42,"language":43},"claude-code-leak-reveals-hidden-features-zh","Claude Code外洩後，程式碼庫露出什麼","zh",[45,51,57,63,69,75],{"id":46,"slug":47,"title":48,"cover_image":49,"image_url":49,"created_at":50,"category":26},"a6c1d84d-0d9c-4a5a-9ca0-960fbfc1412e","why-gemini-api-pricing-is-cheaper-than-it-looks-en","Why Gemini API pricing is cheaper than it looks","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778869846824-s2r1.png","2026-05-15T18:30:26.595941+00:00",{"id":52,"slug":53,"title":54,"cover_image":55,"image_url":55,"created_at":56,"category":26},"8b02abfa-eb16-4853-8b15-63d302c7b587","why-vidhub-huiyuan-hutong-bushi-quan-shebei-tongyong-en","Why VidHub 会员互通不是“买一次全设备通用”","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778789439875-uceq.png","2026-05-14T20:10:26.046635+00:00",{"id":58,"slug":59,"title":60,"cover_image":61,"image_url":61,"created_at":62,"category":26},"abe54a57-7461-4659-b2a0-99918dfd2a33","why-buns-zig-to-rust-experiment-is-right-en","Why Bun’s Zig-to-Rust experiment is the right move","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778767895201-5745.png","2026-05-14T14:10:29.298057+00:00",{"id":64,"slug":65,"title":66,"cover_image":67,"image_url":67,"created_at":68,"category":26},"f0015918-251b-43d7-95af-032d2139f3f6","why-openai-api-pricing-is-product-strategy-en","Why OpenAI API pricing is a product strategy, not a footnote","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778749841805-uyhg.png","2026-05-14T09:10:27.921211+00:00",{"id":70,"slug":71,"title":72,"cover_image":73,"image_url":73,"created_at":74,"category":26},"7096dab0-6d27-42d9-b951-7545a5dddf33","why-claude-code-prompt-design-beats-ide-copilots-en","Why Claude Code’s prompt design beats IDE copilots","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778742651754-3kxk.png","2026-05-14T07:10:30.953808+00:00",{"id":76,"slug":77,"title":78,"cover_image":79,"image_url":79,"created_at":80,"category":26},"1f1bff1e-0ebc-4fa7-a078-64dc4b552548","why-databricks-model-serving-is-right-default-en","Why Databricks Model Serving is the right default for production infe…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778692290314-gopj.png","2026-05-13T17:10:32.167576+00:00",[82,87,92,97,102,107,112,117,122,127],{"id":83,"slug":84,"title":85,"created_at":86},"8008f1a9-7a00-4bad-88c9-3eedc9c6b4b1","surepath-ai-mcp-policy-controls-en","SurePath AI's New MCP Policy Controls Enhance AI Security","2026-03-26T01:26:52.222015+00:00",{"id":88,"slug":89,"title":90,"created_at":91},"27e39a8f-b65d-4f7b-a875-859e2b210156","mcp-standard-ai-tools-2026-en","MCP Standard in 2026: Integrating AI Tools","2026-03-26T01:27:43.127519+00:00",{"id":93,"slug":94,"title":95,"created_at":96},"165f9a19-c92d-46ba-b3f0-7125f662921d","rag-2026-transforming-enterprise-ai-en","How RAG in 2026 is Transforming Enterprise AI","2026-03-26T01:28:11.485236+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"6a2a8e6e-b956-49d8-be12-cc47bdc132b2","mastering-ai-prompts-2026-guide-en","Mastering AI Prompts: A 2026 Guide for Developers","2026-03-26T01:29:07.835148+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"d6653030-ee6d-4043-898d-d2de0388545b","evolving-world-prompt-engineering-en","The Evolving World of Prompt Engineering","2026-03-26T01:29:42.061205+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"3ab2c67e-4664-4c67-a013-687a2f605814","garry-tan-open-sources-claude-code-toolkit-en","Garry Tan Open-Sources a Claude Code Toolkit","2026-03-26T08:26:20.245934+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"66a7cbf8-7e76-41d4-9bbf-eaca9761bf69","github-ai-projects-to-watch-in-2026-en","20 GitHub AI Projects to Watch in 2026","2026-03-26T08:28:09.752027+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"231306b3-1594-45b2-af81-bb80e41182f2","claude-code-vs-cursor-2026-en","Claude Code vs Cursor in 2026","2026-03-26T13:27:14.177468+00:00",{"id":123,"slug":124,"title":125,"created_at":126},"9f332fda-eace-448a-a292-2283951eee71","practical-github-guide-learning-ml-2026-en","A Practical GitHub Guide to Learning ML in 2026","2026-03-27T01:16:50.125678+00:00",{"id":128,"slug":129,"title":130,"created_at":131},"1b1f637d-0f4d-42bd-974b-07b53829144d","aiml-2026-student-ai-ml-lab-repo-review-en","AIML-2026 Is a Bare-Bones Student Lab Repo","2026-03-27T01:21:51.661231+00:00"]