On March 31, 2026, Anthropic's Claude Code CLI shipped a 59.8MB source map file in its npm package — exposing roughly 512,000 lines of proprietary TypeScript to anyone who downloaded it. The tool had itself been largely vibe-coded. A misconfigured packaging rule caused the leak, not a logic bug. Existing security scanners didn't catch it. That incident captures everything I want you to understand about vibe coding and security: the risk isn't that AI writes bad code on purpose. The…
No comments:
Post a Comment