Claude Code Source Code Leak and Axios Supply-Chain Attack

Memo
Written By Studio Soph
 
 

This advisory applies specifically to clients that are utilizing Claude Code in their environment or have their own development group that may use the Axios software component. If you are not using these tools, there is no direct impact.

Claude Code Source Code Leak

Anthropic, the company behind the Claude AI platform, recently confirmed that source code for its Claude Code developer tool was accidentally included in a routine software update due to a packaging error. This was not a breach of Anthropic's production systems, and no customer data, API keys, or credentials were exposed.

The exposed code gives outside parties visibility into how Claude Code operates, including its security controls. This could make it easier for bad actors to craft future targeted attacks against environments where the tool is in use.

If your development team uses Claude Code, we recommend raising the following with them:

  1. Review the exposure and assess whether any internal configurations, integrations, or workflows could be affected by the public availability of the tool's architecture and security logic.

  2. API keys and access tokens used in connection with Claude Code or related AI development tools should be rotated as a precaution.

  3. Any AI development tools adopted outside of a formal approval process should be identified and reviewed.

Axios Supply-Chain Attack

In an unrelated but concurrent incident, malicious versions of "Axios," a widely used open-source software component for JavaScript, were published on the same package registry (npm) on March 31. The compromised versions (1.14.1 and 0.30.4) contained software designed to provide unauthorized remote access to the affected machine. This applies to any team that uses Axios via npm, not only those using Claude Code.

If your development team used npm on March 31 between 00:21 and 03:29 UTC, we recommend the following:

  1. Check all project dependency files for Axios versions 1.14.1 or 0.30.4.

  2. If either version is found, treat the affected systems as compromised and let us know so we can begin incident response procedures immediately.

  3. Rotate all secrets, credentials, and access tokens on any affected machine.

Broader Recommendation: Secret and Key Management

Regardless of whether your team was directly affected by either incident, this is a good opportunity to review how API keys, access tokens, and other secrets are stored and managed across your development environment. Secrets should never be embedded directly in source code or configuration files that are committed to version control. We recommend that development teams use a dedicated secrets management solution and establish a regular rotation schedule for all keys and tokens.

As always, if your team needs support assessing exposure, implementing secrets management systems, or reviewing security controls around AI tooling, we are here to help.

 

Best regards,

— Your HalcyonFT Team

 
 
 
 

{ HALCYONFT UPDATES }

More Insights

 
Read more
Read more
 
 
 

{ CONTACT }

Connect with us to discuss what HalcyonFT can do for you

Lets connect
Lets connect
 
 
Studio Soph https://www.studiosoph.co.uk
Next

HalcyonFT Quarterly Newsletter - Q1 2026 - Updates and Recommendations