Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Anthropic executives said it was an accident and retracted the bulk of the takedown notices.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A proof of concept used OpenClaw's localhost dashboard inside VS Code's integrated browser to compare it directly with Copilot on the same SKILL.md file, finding that OpenClaw delivered broader, more ...

Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...