Original Reddit post

I’m not going to repeat what everyone already knows about the source code leak. What I do want to flag is something I’m not seeing discussed enough in this sub.

There are already dozens of repos out there claiming to be “improved” or “unlocked” versions of Claude Code. Some say they’ve stripped telemetry, others have removed security restrictions. People are installing them. And these are tools with bash access that execute commands autonomously on your machine.

On top of that, the same day as the leak there was a completely separate supply chain attack on the axios npm package with a RAT attributed to North Korea. Different incident, but it shows how fast bad actors move when there’s chaos.

I wrote an article covering all three incidents from March 31, why the xz-utils backdoor should have taught us something, and why I run all my AI agents inside Docker containers instead of directly on my host machine.

https://menetray.com/en/blog/claude-codes-source-code-leaked-problem-isnt-leak-its-what-comes-after

Curious to hear if anyone else here is containerizing their agents or if I’m in the minority.

submitted by /u/rmenetray

Originally posted by u/rmenetray on r/ClaudeCode