Claude Code’s Accidental Source Leak Shows How Fast Attackers Exploit Curiosity

**Executive summary:** A source-map included in a public NPM release of Claude Code exposed significant TypeScript source, was widely forked and copied, and attackers rapidly capitalized on the attention by creating fake/upgraded repositories that delivered malware (notably Vidar and GhostSocks), illustrating how release hygiene failures and AI-assisted development can escalate into operational security risks.