<h1>Claude Code source leak: what was hiding in npm</h1>
<p><em>Claude Code's source was exposed after being bundled into an npm sourcemap. One release slip laid the internals of Anthropic's AI coding CLI out in the open.</em></p>
<p>Source: <a href="https://www.zhihu.com/question/2022392127145911515" target="_blank" rel="noopener">www.zhihu.com</a>. Published 2026-04-02. Tags: Claude Code, Anthropic, npm, sourcemap, source leak.</p>
<p>On March 31, 2026, researcher <a href="https://x.com/chaofanshuo" target="_blank" rel="noopener">Chaofan Shou</a> posted on X that he had found the complete source code of <a href="https://www.npmjs.com/package/@anthropic-ai/claude-code" target="_blank" rel="noopener">Claude Code</a> in the npm registry. Not fragments, not a symbol table, but source carried verbatim in the sourcemaps shipped inside the published package.</p>
<p>What makes this notable is not just that the word "leak" is attention-grabbing, but that what surfaced was <a href="https://www.anthropic.com/" target="_blank" rel="noopener">Anthropic</a>'s own <a href="https://docs.anthropic.com/en/docs/claude-code" target="_blank" rel="noopener">AI coding CLI</a>. For a product built around developer workflows, the source and implementation details are the most valuable thing it has, and they ended up in a public package through a very basic mistake.</p>
<p>If you have worked with sourcemaps in npm packages, you know they exist for debugging. The problem is that many teams treat them as a "frontend debugging aid" and forget what a sourcemap actually carries: its <code>sources</code> field lists the original file paths, so the directory layout is exposed on its own, and when the <code>sourcesContent</code> field is populated it contains the full original text of every listed file, comments and all. The minified bundle was already public; the sourcemap is what hands back the code it was built from.</p>
<h2>What actually leaked</h2>
<p>According to Chaofan Shou, the leaked material came from the sourcemaps inside the <a href="/news/claude-code-harness-engineering-design-en">Claude Code</a> package published to npm. In other words, an outsider needed no special access and no intrusion: download the public package, and source that was never meant to be public can be reconstructed from it.</p>
<figure class="my-6"><img src="https://xxdpdyhzhpamafnrdkyq.supabase.co/storage/v1/object/public/covers/inline-1775113342042-krsw.png" alt="Claude Code source leak: what was hiding in npm" class="rounded-xl w-full" loading="lazy" /></figure>
<p>The danger is not simply that "the code got read." Once the source is readable, the attack surface becomes legible: command handling, how authentication works, remote request paths, error-handling branches and hidden feature flags are all far easier to reverse than from a minified bundle.</p>
<p>For AI coding tools this is especially sensitive. They are rarely just a local command-line program; they talk to model APIs, a permission system, caches, telemetry reporting and the filesystem. Any one of those layers written carelessly can be amplified into real risk once its logic is plainly readable.</p>
<ul>
<li>Disclosed: 2026-03-31</li>
<li>Disclosed by: Chaofan Shou</li>
<li>Location: package files in the npm registry</li>
<li>Carrier: sourcemap files</li>
<li>Product: Anthropic's Claude Code</li>
</ul>
<h2>Why a sourcemap turns a slip into an incident</h2>
<p>The purpose of a sourcemap is modest: map minified code back to the original source so developers can debug it. But if the release process does not gate sourcemaps, they stop being a debugging aid and become an export channel for the source tree.</p>
<p>The episode drew so much discussion because <a href="/news/8-hidden-claude-code-features-leaked-source-en">Claude Code</a> is a developer tool, and its users care about technical detail. The natural question follows: if a company building an AI coding tool does not check the sourcemaps in its own release package, how carefully is it managing the rest of its supply chain?</p>
<p>More practically, packages in the npm ecosystem are automatically pulled, cached, mirrored and redistributed. A single bad upload can sit in many cache nodes for a long time. Unpublishing the upstream file does not make every copy disappear, so anything in that source that should have stayed private, internal endpoints or credentials included, has to be treated as exposed rather than recalled.</p>
<blockquote>"Security is a process, not a product." — Bruce Schneier</blockquote>
<p>Schneier's old line fits here. A source leak is rarely a single-point accident; it is what happens when process, review, release, rollback and cache management fail together.</p>
<h2>How this differs from other software leaks</h2>
<p>Many software leaks happen in internal repositories, misconfigured storage buckets or test environments. What makes the <a href="/news/claude-code-architecture-governance-practice-en">Claude Code</a> case more awkward is that it occurred in a public distribution channel, where anyone could fetch it directly.</p>
<figure class="my-6"><img src="https://xxdpdyhzhpamafnrdkyq.supabase.co/storage/v1/object/public/covers/inline-1775113358163-yoid.png" alt="Claude Code source leak: what was hiding in npm" class="rounded-xl w-full" loading="lazy" /></figure>
<p>In terms of reach, a public distribution mistake is usually harder to clean up than an internal leak. An internal leak can at least be scoped through access logs; a public package has already entered the global mirror system, where it spreads quickly and is recalled slowly.</p>
<p>A few common scenarios, side by side:</p>
<ul>
<li><a href="https://www.npmjs.com/" target="_blank" rel="noopener">npm</a> public package leak: anyone can download it; fastest spread, hardest to remediate</li>
<li><a href="https://github.com/" target="_blank" rel="noopener">GitHub</a> private repository accidentally made public: usually reverted quickly, but it may already have been scraped</li>
<li>Internal log or object storage leak: smaller blast radius, but forensics and cleanup are more involved</li>
<li>CI/CD artifact leak: often tied to automated publishing, so the same error is repeated and amplified</li>
</ul>
<p>From a developer's point of view, the thing to worry about is not "the source was seen" but "why could it be seen." If a package's sourcemap carries core logic, then at least one of the release gate, the artifact review and the signing step failed to catch it.</p>
<p>That is why incidents like this are messier than they look. They force a team to answer a very concrete question: which files belong in a public artifact, and which must be removed before release?</p>
<h2>What this means for Anthropic and for developers</h2>
<p>For <a href="https://www.anthropic.com/" target="_blank" rel="noopener">Anthropic</a>, the most direct damage is not ridicule but a higher cost of trust. A company selling an AI coding tool has most to fear from developers doubting its grip on engineering detail.</p>
<p>For users, this is not just something to watch from the sidelines. Today it is Claude Code; tomorrow it may be another vendor's CLI, plugin, proxy layer or local orchestration tool. Anything that relies on public package distribution can fall into the same hole.</p>
<p>The practical lesson for teams is clear: check sourcemaps before publishing, drop mappings that do not need to ship, review the package contents, and keep sensitive logic out of public artifacts. It sounds like familiar advice, and when things go wrong it is usually because exactly this familiar advice was not carried through.</p>
<ul>
<li>Inspect what the npm tarball will contain (for example with <code>npm pack --dry-run</code>) and confirm it carries no stray source files or <code>.map</code> files</li>
<li>Disable or restrict sourcemap publication for production builds; if a map must ship, emit one without <code>sourcesContent</code>, which most bundlers can do, so positions still resolve for crash reports but no source text travels with it</li>
<li>Audit release artifacts separately from the source repository; the repository being clean says nothing about what the build packed</li>
<li>Re-review the CLI's authentication, telemetry and remote call paths on the assumption that their implementation is now readable</li>
</ul>
<p>If you own frontend, Rust, Node.js or release pipeline work on your team, this incident is worth a quick self-audit. Projects that automatically generate map files, bundles and debug artifacts are the ones most likely to pack something that should never be public in the very last step.</p>
<p>For more on release and security issues in AI tooling, we previously published a <a href="/news/ai-tooling-release-security-checklist">pre-release security checklist for AI tools</a> with a number of concrete, actionable checks.</p>
<h2>What to watch: remediation speed, not PR language</h2>
<p>Incidents like this are where a company's engineering maturity shows. What matters is not a "we are investigating" statement but whether it can quickly confirm the affected scope, pull the problematic package versions, rotate any secrets that may have been exposed, and close the gap in the release chain.</p>
<p>What I would most like to see is one concrete move: whether Anthropic publicly states which versions, which files and which build steps were involved, and how it intends to change its npm publishing process. With that level of detail, developers can judge whether this was a one-off slip or a systemic problem in the process itself.</p>
<p>My read is that this will not cost Claude Code its users, but it will make more teams start watching their own package release chains. What is worth observing next is not how long the attention lasts, but whether AI tool vendors start treating sourcemaps, debug artifacts and public artifacts as separate things by default. Whoever closes this hole first gets one less turn under the spotlight.</p>
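<p>The earlier point that a shipped sourcemap hands back original source through <code>sourcesContent</code>, and the pre-publish checklist above, as an added example. This is not code from the original article, from Anthropic, or from the Claude Code package. It assumes the JSON shape of <code>npm pack --dry-run --json</code> output (an array with a <code>files</code> list of <code>{path, size}</code> entries); the package name, file paths, bundle text and sourcemap object are constructed samples. It runs under Node.js with no dependencies.</p>

```javascript
// Added example; not code from the original post, from Anthropic, or from the
// Claude Code package. Names, paths and the sourcemap below are constructed.
//
//   auditPackFiles      - flag .map / loose source files in the tarball listing
//                         (assumed shape of `npm pack --dry-run --json` output)
//   findInlineSourceMap - catch a map embedded as a data: URL in the bundle,
//                         which a file-list audit cannot see
//   auditSourceMap      - report which sources a Source Map v3 object exposes
//   extractSources      - rebuild those files, as anyone holding the map can
//   stripSourcesContent - the shape to ship if a map must ship at all

const SAMPLE_PACK_JSON = [{            // constructed `npm pack --dry-run --json`
  name: 'example-cli', version: '1.2.3',
  files: [
    { path: 'package.json', size: 812 },
    { path: 'dist/cli.js', size: 1874520 },
    { path: 'dist/cli.js.map', size: 6123400 },
    { path: 'src/auth/token.ts', size: 4200 },
    { path: 'README.md', size: 3900 },
  ],
}];

const SAMPLE_MAP = {                    // constructed Source Map v3 object
  version: 3,
  file: 'cli.js',
  sources: ['../src/index.ts', '../src/auth/token.ts', '../src/telemetry.ts'],
  sourcesContent: [
    'export function main() {\n  // entry point\n}\n',
    'export function loadToken(env) {\n  return env.EXAMPLE_TOKEN;\n}\n',
    null,                               // this source's text was not embedded
  ],
  names: [],
  mappings: 'AAAA;AACA',               // shortened; irrelevant to the leak question
};

// Constructed minified bundle whose map is inlined as a base64 data: URL.
const SAMPLE_BUNDLE =
  'function a(){}\n//# sourceMappingURL=data:application/json;base64,' +
  Buffer.from(JSON.stringify(SAMPLE_MAP)).toString('base64') + '\n';

const MAP_RE = /\.map$/i;
// Heuristic: original sources live under src/, lib/ or source/; adjust per project.
const SOURCE_RE = /^(?:src|lib|source)\/.*\.(?:[cm]?[jt]sx?|rs)$/i;

// Tarball paths that should not be in a public release.
function auditPackFiles(packJson) {
  const findings = [];
  for (const pkg of packJson) {
    for (const { path } of pkg.files) {
      if (MAP_RE.test(path)) findings.push({ path, reason: 'sourcemap shipped' });
      else if (SOURCE_RE.test(path)) findings.push({ path, reason: 'original source shipped' });
    }
  }
  return findings;
}

// Parse the `//# sourceMappingURL=` comment; decode the map if it is a data: URL.
function findInlineSourceMap(bundleText) {
  const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(bundleText);
  if (!m) return null;
  const data = /^data:application\/json;(?:charset=[^;]+;)?base64,(.*)$/.exec(m[1]);
  if (!data) return { url: m[1], map: null };   // external .map file: audit it separately
  return { url: 'data:', map: JSON.parse(Buffer.from(data[1], 'base64').toString('utf8')) };
}

// Paths alone reveal the layout; `sourcesContent` strings hand out full text.
function auditSourceMap(map) {
  if (map.version !== 3 || !Array.isArray(map.sources)) throw new Error('not a Source Map v3 object');
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  const enc = new TextEncoder();
  const exposedSources = [], pathsOnly = [];
  let exposedBytes = 0;
  map.sources.forEach((src, i) => {
    if (typeof contents[i] === 'string') { exposedSources.push(src); exposedBytes += enc.encode(contents[i]).length; }
    else pathsOnly.push(src);
  });
  return { totalSources: map.sources.length, exposedSources, pathsOnly, exposedBytes };
}

// Rebuild original files from a map. Path segments are normalized so a '../'
// prefix cannot escape the output directory if the result is written to disk.
function extractSources(map) {
  const out = new Map();
  (map.sourcesContent || []).forEach((text, i) => {
    if (typeof text !== 'string') return;
    const safe = map.sources[i].split('/').filter((p) => p && p !== '.' && p !== '..').join('/');
    out.set(safe, text);
  });
  return out;
}

// Positions still resolve to file:line:column for crash reports; no source travels.
function stripSourcesContent(map) {
  const { sourcesContent, ...rest } = map;
  return rest;
}

// Stand-alone run: node audit.js
console.log('tarball findings:', auditPackFiles(SAMPLE_PACK_JSON));
console.log('inline map present:', findInlineSourceMap(SAMPLE_BUNDLE) !== null);
console.log('map audit:', auditSourceMap(SAMPLE_MAP));
console.log('recovered files:', [...extractSources(SAMPLE_MAP).keys()]);
console.log('after strip:', auditSourceMap(stripSourcesContent(SAMPLE_MAP)).exposedSources);
```

<p>In a pipeline, feed <code>auditPackFiles</code> the real <code>npm pack --dry-run --json</code> output and fail the publish step on any finding; run <code>findInlineSourceMap</code> over every <code>.js</code> in the tarball as well, since an inlined map never appears in the file list. <code>extractSources</code> is the downloader's side of the story: with a map that carries <code>sourcesContent</code>, recovering the tree is a loop, not an exploit.</p>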