Quick #story time: I was on a team which accidentally shipped sourcemaps to production!
The production server would serve sourcemaps for local dev, and we built sourcemaps in prod to deobfuscate errors but they weren't provided to the server in the prod environment.
You might see the hazard there. An innocuous change to our #Bazel build structure accidentally pulled in sourcemaps into the server, which it then helpfully served.
This was an app in the #Google monorepo too, so we were revealing all our source code as well as all our dependencies!
#Web #JavaScript #Sourcemaps
#Claude Code CLI Source is now public.
A misconfig .map file in their #npm package exposed a direct download link to the full unobfuscated #TypeScript codebase from #Anthropic’s own R2 bucket.
The dump is massive 1,900 files, including the complete tool system, 50+ slash commands, coordinator, Terminal UI, IDE bridge, permission engine, & unreleased features.
https://github.com/nirholas/claude-code
https://aired.sh/p/Zlm4dmW4ED
https://www.ccleaks.com/
https://pub-aea8527898604c1bbb12468b1581d95e.r2.dev/src.zip
#ai #llm #mastodon #fediverse
