Claude Code Can Leak Secrets in Public npm Packages: What Developers Must Know

What happened

Security researchers at Check Point have revealed a significant security risk involving Anthropic’s Claude Code, an AI coding assistant integrated into developer environments. Claude Code can automatically stash sensitive credentials, such as API keys or tokens, inside a local configuration file named `.claude/settings.local.json`. This file, however, is not always excluded from source control or package publishing processes, leading to inadvertent exposure of secrets in public npm packages.

This vulnerability was reported in April 2026 and has been corroborated by multiple independent sources, confirming that the issue is not isolated but systemic among developers using Claude Code in JavaScript and Node.js projects.

Confirmed facts

• Claude Code stores sensitive credentials in `.claude/settings.local.json` without explicit user notification.
• This settings file is often committed to public npm packages due to missing `.gitignore` or `.npmignore` entries.
• Public exposure of these secrets can lead to unauthorized access to cloud services, databases, and third-party APIs.
• The issue primarily affects developers using Claude Code integrated into their IDEs or CI/CD pipelines without strict secret management policies.
• Check Point and other security analysts have verified multiple instances of leaked credentials in npm packages published between late 2025 and early 2026.

Who is affected

• JavaScript and Node.js developers using Anthropic’s Claude Code in their development environment.
• Open-source maintainers who publish npm packages without auditing `.claude/settings.local.json` or similar configuration files.
• Organizations relying on automated AI coding assistants without enforcing secret scanning or environment segregation.
• DevOps teams that integrate AI coding tools into CI/CD workflows that publish packages automatically.

If you use Claude Code in your development process and publish npm packages, your projects might be at risk of leaking credentials publicly.

What to do now

1. Audit your npm packages: Immediately check your public npm packages for `.claude/settings.local.json` or any other unexpected configuration files containing secrets.
2. Revoke exposed credentials: If you find leaked API keys or tokens, revoke them immediately and generate new credentials.
3. Add `.claude/settings.local.json` to `.gitignore` and `.npmignore`: Prevent accidental commits and package publishing of this file.
4. Scan your repositories for secrets: Use tools like GitGuardian, TruffleHog, or open-source secret scanners to detect any leaked credentials.
5. Update your development workflows: Incorporate secret scanning in your CI/CD pipelines to catch leaks before publishing.
6. Inform your team: Educate developers about the risk and encourage best practices around secret management.

How to secure yourself

• Use environment variables or secure vaults: Store secrets outside of your codebase and configuration files.
• Configure Claude Code properly: Check for updates or patches from Anthropic that address this issue and apply them promptly.
• Implement strict `.gitignore` and `.npmignore` policies: Explicitly exclude all local configuration files that may contain secrets.
• Enable two-factor authentication (2FA) on all accounts linked to leaked credentials.
• Regularly rotate credentials: Even if no leak is detected, periodic rotation reduces risk.
• Leverage secret scanning tools integrated into your IDE or repository hosting service (e.g., GitHub’s secret scanning).

2026 update

As of April 2026, Anthropic has acknowledged the issue and is working on releasing updates to Claude Code to prevent automatic secret storage in local files or to prompt users before saving such data. Meanwhile, the developer community has adopted stricter secret management protocols, and major package registries like npm have enhanced their scanning capabilities to detect and block packages containing exposed secrets.

Additionally, several open-source projects have published `.claude`-specific `.gitignore` templates, and DevSecOps teams are integrating AI assistant usage policies to mitigate similar risks.

FAQ

Can I check if my npm package is affected?

Yes. You can download your published package tarballs and inspect them for `.claude/settings.local.json` or any files containing sensitive keys. Using secret scanning tools on your repository and package contents is also recommended.

What types of secrets are typically leaked?

Commonly leaked secrets include API keys, database credentials, cloud service tokens, and private keys used for authentication with third-party services.

Does this affect all AI coding assistants?

This specific issue is tied to Anthropic’s Claude Code storing secrets in local config files. However, other AI tools might have their own risks. Always audit and understand how your tools handle sensitive data.

How can I prevent future leaks?

Implement strict `.gitignore` and `.npmignore` rules, use environment variables or secret vaults, enable secret scanning in your CI/CD pipelines, and educate your team on secure coding practices.

What if I find leaked credentials in my package?

Immediately revoke those credentials and replace them with new ones. Inform your users if necessary and republish the package without the secrets.

Has Anthropic released a fix?

As of April 2026, updates are in progress. Monitor official Anthropic channels for patches and upgrade Claude Code when available.

Are private npm packages safe?

Private packages reduce exposure risk but do not eliminate it. Secrets can still leak if the package is shared or if the repository is public.

Can secret scanning tools detect `.claude/settings.local.json` leaks?

Yes, most modern secret scanning tools can be configured to detect such files and flag sensitive content.

Is this vulnerability exploitable remotely?

The leak itself is a result of accidental public exposure rather than a remote exploit. However, exposed credentials can be used by attackers to access services remotely.

What changed in 2026 regarding this issue?

In 2026, there has been increased awareness, improved scanning tools, and initial patches from Anthropic, alongside community-driven best practices to mitigate the risk.

Why this matters

The inadvertent leakage of secrets in public npm packages poses a high risk of account compromise, data breaches, and service abuse. Attackers actively scan public repositories and packages for exposed credentials to launch attacks ranging from cloud resource hijacking to injecting malware into supply chains.

Given the widespread adoption of AI coding assistants like Claude Code, this vulnerability highlights the critical need for secure secret management and developer awareness. Failure to address this can lead to significant financial and reputational damage for individuals and organizations alike.

Sources and corroboration

This article is based on verified reports from Check Point and corroborated by multiple independent security sources, including analysis published on SecurityBrief.co.uk. The findings have been validated by security researchers who identified multiple public npm packages containing `.claude/settings.local.json` files with embedded secrets.

• https://securitybrief.co.uk/story/claude-code-can-leak-secrets-in-public-npm-packages

By following the guidance outlined above, developers can significantly reduce the risk of secret leakage and protect their projects and users from potential exploitation.