HackWatch

High risk: Breach

Claude Code Can Leak Secrets in Public npm Packages: What Developers Must Know

Breach coverage centered on exposed data, scope clarification and immediate containment priorities.

Potential exposure event. Confirm scope, identify affected accounts or records and move quickly on resets, notifications and monitoring.
Technical reviewer: Marcin Pocztowski, Infrastructure Security Editor (Infrastructure and Vulnerability Response)

By: Artur Ślesik

Published: Apr 23, 2026

Updated: May 01, 2026

Incident status: Mitigation available

Corroborating sources: 1

Technical review credentials: Security+ | RHCSA | JNCIS-SEC

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 for infrastructure relevance, source consistency and whether the remediation advice would make sense to an administrator responsible for live routers and servers. His note keeps the action list grounded: validate scope, reduce exposed management paths, keep evidence intact and avoid claims that go beyond the 1 corroborating source.

Review our editorial policy or send corrections to [email protected].

Mitigation available. Mitigation guidance or a workaround is available, but defenders should still verify rollout status and exposure.

Security researchers at Check Point have reported a credential-exposure problem involving Anthropic's Claude Code: sensitive credentials can be written into a local settings file that is easy to overlook, and that file is turning up inside public npm packages. It is not a remote exploit, but any key that ships this way is public and should be treated as compromised.

What happened

Security researchers at Check Point have revealed a significant security risk involving Anthropic's Claude Code, the AI coding assistant that runs inside developers' terminals and IDEs. Claude Code keeps project-local settings in `.claude/settings.local.json`, a plaintext JSON file holding permission rules and an `env` block of environment values, and credentials such as API keys or tokens can end up stored there. Whether that file reaches the registry is decided by npm's packing rules, not by git's: npm honours `.npmignore` when it exists (and then disregards `.gitignore` entirely), falls back to `.gitignore` otherwise, never consults `.git/info/exclude`, and ships only the paths named in package.json's `files` allowlist when one is present. A project that misses all of these exclusions publishes the settings file, and the secrets in it, with the package.

The issue was reported in April 2026. This alert rests on one corroborating source, SecurityBrief's coverage of the Check Point findings; the pattern is not tied to a single project but to how Claude Code's local settings file interacts with npm's publishing defaults in JavaScript and Node.js projects.

Confirmed facts

  • Claude Code stores sensitive credentials in `.claude/settings.local.json` without explicit user notification.
  • The file is often shipped in public npm packages because it is excluded by neither `.gitignore` nor `.npmignore`, and because a package without a `files` allowlist publishes everything npm does not ignore.
  • Public exposure of these secrets can lead to unauthorized access to cloud services, databases, and third-party APIs.
  • The issue primarily affects developers using Claude Code in their IDEs or CI/CD pipelines without strict secret management policies.
  • Check Point reports multiple instances of leaked credentials in npm packages published between late 2025 and early 2026.

Who is affected

  • JavaScript and Node.js developers using Anthropic’s Claude Code in their development environment.
  • Open-source maintainers who publish npm packages without auditing `.claude/settings.local.json` or similar configuration files.
  • Organizations relying on automated AI coding assistants without enforcing secret scanning or environment segregation.
  • DevOps teams that integrate AI coding tools into CI/CD workflows that publish packages automatically.

If you use Claude Code in your development process and publish npm packages, your projects might be at risk of leaking credentials publicly.

What to do now

  1. Audit your npm packages: for anything not yet published, run `npm pack --dry-run` and read the file list it prints. For versions already on the registry, fetch each one with `npm pack <name>@<version>` and list the tarball with `tar tzf`, looking for `package/.claude/settings.local.json` or any other configuration file that could hold secrets. Check every published version, not only the latest.
  2. Revoke exposed credentials: if you find leaked API keys or tokens, revoke them before doing anything else and issue new ones. Treat a key as compromised from the moment it was published; registry mirrors and CI caches keep old tarballs even after you unpublish.
  3. Keep the file out of the tarball: add `.claude/settings.local.json` to `.gitignore` and `.npmignore`, and prefer a `files` allowlist in package.json, since a `.npmignore` silently replaces `.gitignore` as far as npm is concerned.
  4. Scan your repositories for secrets: use tools like GitGuardian, TruffleHog, or open-source secret scanners to detect any leaked credentials, and run them over the git history as well as the working tree.
  5. Update your development workflows: incorporate secret scanning and an `npm pack --dry-run` check in your CI/CD pipelines so a leak is caught before publishing.
  6. Inform your team: educate developers about the risk and encourage best practices around secret management.
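The audit, ignore and CI steps above, together with the FAQ questions further down on checking a published package and on what secret scanners actually catch, all reduce to one check that should run before `npm publish`. Below is an added example of that check in Node.js; it is not code from HackWatch, Check Point or Anthropic. It assumes the JSON shape printed by `npm pack --dry-run --json` on npm 7 and later (an array of package objects with a `files` list of `{ path, size }` entries), treats the `env` block and the permission rules of `.claude/settings.local.json` as the places a token could sit (the permission-rule case is an assumption made here, not something the alert states), and runs on constructed sample data so it works offline.

```javascript
'use strict';
// Added example, not code from HackWatch, Check Point or Anthropic: a guard for an
// npm "prepublishOnly" script. It reads the JSON that `npm pack --dry-run --json`
// prints (npm 7+; assumed shape: array of objects whose `files` list holds
// { path, size }), refuses to ship files that must stay local, and inspects Claude
// Code's settings.local.json for credential-shaped values. Samples are constructed.

// Paths that have no business inside a published tarball.
const FORBIDDEN_PATHS = [
  /^\.claude\/settings\.local\.json$/, // the file this alert is about
  /^\.claude\/.*\.local\.json$/,       // any other local Claude settings
  /^\.env(\..+)?$/,                    // .env, .env.production, ...
  /^\.npmrc$/,                         // can hold the npm auth token
  /(^|\/)id_(rsa|ed25519)$/,           // SSH private keys
];

// Credential-shaped strings; deliberately broad. A dedicated scanner still belongs on top.
const SECRET_PATTERNS = [
  { rule: 'anthropic-key',      re: /sk-ant-[A-Za-z0-9_-]{20,}/ },
  { rule: 'aws-access-key-id',  re: /\bAKIA[0-9A-Z]{16}\b/ },
  { rule: 'github-token',       re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { rule: 'bearer-in-command',  re: /Authorization:\s*Bearer\s+[A-Za-z0-9._-]{16,}/i },
  { rule: 'generic-assignment', re: /\b(?:api[_-]?key|token|secret|password)\b[^A-Za-z0-9]{1,5}[A-Za-z0-9._-]{16,}/i },
];

// Drop a leading "./" and collapse repeated slashes so the path rules match.
const normalize = (p) => p.replace(/^(\.\/)+/, '').replace(/\/+/g, '/');
// Names of the SECRET_PATTERNS rules that fire on one string.
const matchSecrets = (text) => SECRET_PATTERNS.filter(({ re }) => re.test(text)).map(({ rule }) => rule);

// Returns the would-be-published paths that match FORBIDDEN_PATHS.
function findForbiddenEntries(packOutput) {
  const hits = [];
  for (const pkg of packOutput) {
    for (const file of pkg.files || []) {
      const rel = normalize(file.path);
      if (FORBIDDEN_PATHS.some((re) => re.test(rel))) hits.push(rel);
    }
  }
  return hits;
}

// Claude Code settings files carry an `env` map and `permissions` rules. A token can
// sit in an env value or in an allow rule that recorded a full command line (the
// latter is an assumption about where secrets land, not a claim the alert makes).
function findSecretsInSettings(settings) {
  const findings = [];
  for (const [key, value] of Object.entries(settings.env || {})) {
    for (const rule of matchSecrets(`${key}=${value}`)) findings.push({ where: `env.${key}`, rule });
  }
  const perms = settings.permissions || {};
  for (const list of ['allow', 'deny']) {
    (perms[list] || []).forEach((entry, i) => {
      for (const rule of matchSecrets(entry)) findings.push({ where: `permissions.${list}[${i}]`, rule });
    });
  }
  return findings;
}

// Without a `files` allowlist npm publishes everything it does not ignore, and a
// present `.npmignore` makes it disregard `.gitignore` entirely.
function checkManifest(pkg) {
  if (!Array.isArray(pkg.files) || pkg.files.length === 0) {
    return ['no "files" allowlist in package.json: npm ships everything not ignored'];
  }
  return pkg.files
    .filter((e) => ['.', '', '*'].includes(normalize(e)) || normalize(e).startsWith('.claude'))
    .map((e) => `"files" entry "${e}" can pull in local settings`);
}

// Aggregates the checks; any non-empty list means "do not publish".
function auditPackage(packOutput, settings, manifest) {
  return {
    forbidden: findForbiddenEntries(packOutput),
    secrets: findSecretsInSettings(settings),
    manifest: checkManifest(manifest),
  };
}

// Constructed stand-in for `npm pack --dry-run --json` output.
const SAMPLE_PACK_OUTPUT = [{
  name: 'example-widget', version: '1.2.3',
  files: [
    { path: 'package.json', size: 412 }, { path: 'lib/index.js', size: 2048 },
    { path: '.claude/settings.local.json', size: 310 }, { path: '.env', size: 58 },
  ],
}];

// Constructed settings.local.json; the values are placeholders shaped like secrets.
const SAMPLE_SETTINGS = {
  permissions: { allow: [
    'Bash(npm run build:*)',
    'Bash(curl -H "Authorization: Bearer AbCdEfGhIjKlMnOpQrStUvWx" https://api.example.test/v1)',
  ] },
  env: { ANTHROPIC_API_KEY: 'sk-ant-api03-EXAMPLEEXAMPLEEXAMPLE00000', LOG_LEVEL: 'debug' },
};

console.log(JSON.stringify(auditPackage(SAMPLE_PACK_OUTPUT, SAMPLE_SETTINGS, { name: 'example-widget' }), null, 2));
// In a real hook, set process.exitCode = 1 when any list in the report is non-empty.
```

To wire this in, save it as `scripts/check-pack.js`, replace the sample data with `JSON.parse(fs.readFileSync(0, 'utf8'))` fed from `npm pack --dry-run --json`, read the settings file from disk if it exists, and add `"prepublishOnly": "npm pack --dry-run --json | node scripts/check-pack.js"` to package.json with a non-zero exit on any finding. `npm pack --dry-run` already applies `.npmignore`, `.gitignore` and the `files` allowlist, so the list it prints is exactly what would reach the registry; the path rules are therefore a check on the real outcome, not on the ignore files themselves.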

How to secure yourself

  • Use environment variables or secure vaults: Store secrets outside of your codebase and configuration files.
  • Configure Claude Code properly: review what its settings files contain, keep secrets out of the `env` block of `.claude/settings.local.json`, and apply updates from Anthropic that change how local settings are handled as soon as they ship.
  • Implement strict `.gitignore` and `.npmignore` policies: explicitly exclude all local configuration files that may contain secrets, and back the ignore files with a `files` allowlist in package.json so a stray `.npmignore` cannot undo the `.gitignore` rules.
  • Enable two-factor authentication (2FA) on the accounts behind the affected services and on your npm publishing account. 2FA does not protect a leaked API key, which works without it, so it complements revocation rather than replacing it.
  • Regularly rotate credentials: Even if no leak is detected, periodic rotation reduces risk.
  • Leverage secret scanning tools integrated into your IDE or repository hosting service (e.g., GitHub’s secret scanning).

FAQ

Can I check if my npm package is affected?

Yes. For each published version, download the tarball with `npm pack <name>@<version>` and list its contents with `tar tzf <tarball>`; a hit looks like `package/.claude/settings.local.json`. Extract any flagged file and inspect it, and check every version rather than only the latest. Running a secret scanner over the extracted package and over the repository is also recommended.

What types of secrets are typically leaked?

Commonly leaked secrets include API keys, database credentials, cloud service tokens, and private keys used for authentication with third-party services.

Does this affect all AI coding assistants?

This specific issue is tied to Anthropic’s Claude Code storing secrets in local config files. However, other AI tools might have their own risks. Always audit and understand how your tools handle sensitive data.

How can I prevent future leaks?

Implement strict `.gitignore` and `.npmignore` rules, use environment variables or secret vaults, enable secret scanning in your CI/CD pipelines, and educate your team on secure coding practices.

What if I find leaked credentials in my package?

Immediately revoke those credentials and replace them with new ones. Then publish a clean version and remove or deprecate the affected versions (`npm unpublish` is limited by registry policy; `npm deprecate` at least warns anyone installing them), bearing in mind that copies of the old tarball may already exist in mirrors and caches. Inform your users if necessary.

Has Anthropic released a fix?

As of April 2026, updates are in progress. Monitor official Anthropic channels for patches and upgrade Claude Code when available.

Are private npm packages safe?

Private packages reduce exposure risk but do not eliminate it. Secrets can still leak if the package is shared or if the repository is public.

Can secret scanning tools detect `.claude/settings.local.json` leaks?

Mostly. Secret scanners match token patterns, so they will catch recognizable keys inside `.claude/settings.local.json` but not the file itself. Add a path-based rule as well, such as a pre-commit hook or a `prepublishOnly` check that refuses to ship the file, so it is blocked even when it holds a credential format the scanner does not know.

Is this vulnerability exploitable remotely?

The leak itself is a result of accidental public exposure rather than a remote exploit. However, exposed credentials can be used by attackers to access services remotely.

What changed in 2026 regarding this issue?

In 2026 there has been increased awareness following the Check Point report, broader use of secret scanning, and community-driven best practices around keeping Claude Code's local settings out of packages. Anthropic's updates were still in progress as of April 2026, so monitor official channels rather than assuming a fix is in place.

Why this matters

The inadvertent leakage of secrets in public npm packages poses a high risk of account compromise, data breaches, and service abuse. Attackers actively scan public repositories and packages for exposed credentials to launch attacks ranging from cloud resource hijacking to injecting malware into supply chains.

Given the widespread adoption of AI coding assistants like Claude Code, this vulnerability highlights the critical need for secure secret management and developer awareness. Failure to address this can lead to significant financial and reputational damage for individuals and organizations alike.

Sources and corroboration

This article is based on Check Point's reported findings as covered by SecurityBrief.co.uk, the single corroborating source for this alert. The researchers identified multiple public npm packages containing `.claude/settings.local.json` files with embedded secrets.

  • https://securitybrief.co.uk/story/claude-code-can-leak-secrets-in-public-npm-packages

By following the guidance outlined above, developers can significantly reduce the risk of secret leakage and protect their projects and users from potential exploitation.

Artur Ślesik

Founder of HackWatch.io and WEB-NET; Editorial Reviewer

Artur Ślesik is the founder of HackWatch.io and WEB-NET, a real named reviewer with 17+ years of experience building and maintaining web portals.

Coverage focus: Secure web portals, phishing prevention, user-facing recovery guides and practical web-security review

Editorial disclosure: This is a real named founder profile. HackWatch does not claim unverified security certifications, SOC employment history or CERT incident-response credentials for Artur. Security guidance is grounded in public sources, HackWatch tooling and first-hand web-portal experience.

Artur leads this data breach alerts coverage lane at HackWatch. This article is maintained as part of the ongoing editorial watch around "Claude Code Can Leak Secrets in Public npm Packages: What Developers Must Know".

Topics: Secure web portals and publishing operations; phishing prevention and account-safety guidance; user-facing recovery playbooks