The best April Fools joke
On March 31, 2026, the day before April Fools, the internet handed developers two stories so absurd they would have been dismissed as jokes if they weren't completely, verifiably real. A major npm package got hijacked by North Korean hackers. And Anthropic accidentally leaked Claude Code's entire source code. Nobody planned this. Nobody needed to.
The setup
Every year, April 1st brings a wave of fake tech announcements. Fake product launches, fake acquisitions, fake open-source releases. The community has learned to be skeptical of anything posted on or around April Fools. Which makes March 31, 2026 almost poetic, because on that specific day, two things happened that would have been roundly disbelieved if they had been posted as jokes.
Joke one: North Korea hacked your HTTP client
Axios, the JavaScript HTTP client sitting in the dependency tree of what feels like every web app ever built, got compromised. Attackers hijacked the npm account of a lead maintainer and published malicious versions 1.14.1 and 0.30.4. These versions pulled in plain-crypto-js as a dependency, which ran a postinstall script and silently deployed a cross-platform remote access trojan. The packages stayed live for roughly two to three hours before being removed. Multiple security teams have since attributed the attack to a North Korea-nexus group tracked as UNC1069, with overlaps to prior WAVESHAPER tooling and infrastructure. If someone had posted "North Korea hacked axios and installed a RAT via a postinstall script" on April 1st, it would have been a pretty good bit. Instead, it was just a Tuesday.
Joke two: Anthropic shipped its own source code
Hours later, Anthropic's Claude Code CLI published version 2.1.88 to npm. Tucked inside the package was a large source map file that exposed the full TypeScript codebase, unreleased features, internal orchestration logic, and all. The package was pulled quickly, but by then mirrors had already spread across GitHub and developer forums. To be clear, no model weights leaked. No user data was exposed. But the architecture of how Claude Code thinks, routes tasks, and enforces permissions was now public knowledge. If someone had posted "Anthropic accidentally open-sourced Claude Code" as an April Fools tweet, it would have gotten a lot of likes and a few "wait, is this real?" replies. It was real.
Why it matters
Axios sits so deep in so many dependency trees that a two-hour compromise window is enough to cause months of incident response. Even if you never imported plain-crypto-js directly, a transitive install during that window could have executed the payload. The North Korea attribution is not a dramatic flourish either: the malware lineage and infrastructure overlaps with known campaigns suggest a capable actor who specifically targets software supply chains. The Claude Code leak is a different kind of damage. No one's credentials were stolen, but the internal orchestration patterns, safety hooks, and unshipped features that Anthropic had been quietly building are now accelerating competitor timelines. It also creates a long tail of counterfeit distributions that could hide actual malware behind a trusted brand.
What to do about the axios compromise
Audit your CI logs for installs between March 31, 2026 00:00 and 04:00 UTC. If you find axios@1.14.1 or 0.30.4, or plain-crypto-js anywhere in the tree, treat the environment as compromised. Rotate every credential and token that was reachable from affected hosts, rebuild from clean lockfiles pinned to safe axios versions, and redeploy. Hunt for RAT persistence artifacts on macOS, Windows, and Linux, and watch for outbound C2 traffic flagged in the threat intel reports. Longer term, remove long-lived npm tokens from CI entirely. Short-lived OIDC trusted publishing is the right default, with no NPM_TOKEN fallback when OIDC is configured.
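The tree check described above can be scripted. This is an added example, not code from the axios project or from any of the cited reports; the function names are hypothetical, the sample lockfile is constructed, and it assumes you pass in an already parsed package-lock.json (both the flat `packages` layout and the older nested `dependencies` layout are handled).

```javascript
// Added example: audit a parsed package-lock.json for the packages named above.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // versions given in this article
const BAD_NAME = "plain-crypto-js"; // any version counts as a hit

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

function isHit(name, version) {
  return name === BAD_NAME || (name === "axios" && BAD_AXIOS.has(version));
}

function auditLock(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = meta.name || nameFromLockPath(path); // meta.name is set for aliases
    if (isHit(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (isHit(name, meta.version)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // avoid double counting in v2
  return hits;
}

// Constructed sample lockfile; versions marked "constructed" are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
    "node_modules/sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/other/node_modules/axios": { version: "0.0.0-constructed" },
  },
};

console.log(auditLock(sampleLock));
```

A clean lockfile in the repository does not clear a build that resolved versions fresh during the window, so the CI install logs still need the same check.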
What to do about the Claude Code leak
Only install Claude Code from official Anthropic channels. A wave of look-alike repos and repackaged binaries is already circulating. If you run security reviews for your team, this is a good moment to add guardrails for sourcing CLI tools from npm, require provenance attestations on packages, and flag unusually large source map artifacts as a publishing signal to investigate.
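One way to turn the source map signal into a pre-publish gate, as an added example that is not Anthropic's or npm's code. The function name, the 1 MiB threshold and the sample file list are assumptions; `path` and `size` match the per-file fields reported by `npm pack --dry-run --json`, and `content` is an optional extra you would fill in by reading the file.

```javascript
// Added example: flag source maps in a package's file list before publishing.
const MAX_MAP_BYTES = 1024 * 1024; // assumed review threshold, tune per project

// files: [{ path, size, content? }]; content is the map's text, if available.
function findSourceMapRisks(files, maxBytes = MAX_MAP_BYTES) {
  const findings = [];
  for (const f of files) {
    if (!f.path.endsWith(".map")) continue;
    const reasons = [];
    if (f.size > maxBytes) reasons.push("oversized");
    if (typeof f.content === "string") {
      try {
        const map = JSON.parse(f.content);
        // Indexed maps nest regular maps under sections[].map
        const maps = Array.isArray(map.sections)
          ? map.sections.map((s) => s.map).filter(Boolean)
          : [map];
        // Source map v3: sourcesContent carries original source text inline
        const embedded = maps
          .flatMap((m) => (Array.isArray(m.sourcesContent) ? m.sourcesContent : []))
          .filter((s) => typeof s === "string" && s.length > 0);
        if (embedded.length > 0) reasons.push(`embeds ${embedded.length} source file(s)`);
      } catch {
        reasons.push("unparseable map");
      }
    }
    findings.push({ path: f.path, size: f.size, reasons });
  }
  return findings;
}

// Constructed sample file list (paths, sizes and contents are made up).
const sampleFiles = [
  { path: "dist/index.js", size: 900000 },
  { path: "dist/index.js.map", size: 5 * 1024 * 1024, content: JSON.stringify({
      version: 3, sources: ["src/main.ts"],
      sourcesContent: ["export const x = 1;"], mappings: "" }) },
  { path: "dist/vendor.js.map", size: 2048, content: JSON.stringify({
      version: 3, sources: ["a.js"], sourcesContent: [null], mappings: "" }) },
];

console.log(findSourceMapRisks(sampleFiles));
```

Every `.map` file is reported so a reviewer sees it; an empty `reasons` list means the map is small and carries no inline source text.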
The punchline
The best April Fools jokes are the ones that sound too absurd to be real. North Korea compromising a JavaScript HTTP client via a postinstall RAT. Anthropic shipping its own source code in a patch release. Both happened on the same day, the day before April 1st, when everyone's guard was still down. No one wrote these as a bit. The timeline just has a sense of humor. The actual lesson is the same one it always is: the modern developer stack is a supply chain, and security comes down to unsexy decisions. Token hygiene in CI. Provenance on package publishes. Dependency pinning. Knowing where your tools actually come from. The axios attack shows how one compromised maintainer account ripples across an ecosystem. The Claude Code leak shows how a single misconfigured publish step spills months of engineering into the wild. The takeaway is not panic. It is discipline.
References
- SANS Institute, Axios NPM Supply Chain Compromise: Malicious Packages Deliver Remote Access Trojan, March 31, 2026 (https://www.sans.org/blog/axios-npm-supply-chain-compromise-malicious-packages-remote-access-trojan)
- Google Cloud Threat Intelligence, North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package, March 31, 2026 (https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package)
- The Hacker News, Axios Supply Chain Attack Pushes Cross-Platform RAT, March 31, 2026 (https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html)
- Huntress, Supply-Chain Compromise of axios npm Package, March 31, 2026 (https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package)
- HeroDevs, The Axios Compromise, What Happened, What It Means, and What You Should Do Right Now, March 31, 2026 (https://www.herodevs.com/blog-posts/the-axios-compromise-what-happened-what-it-means-and-what-you-should-do-right-now)
- VentureBeat, Claude Code's source code appears to have leaked, March 31, 2026 (https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know)
- The Verge, Claude Code leak exposes a Tamagotchi-style pet and an always-on agent, March 31, 2026 (https://www.theverge.com/ai-artificial-intelligence/904776/anthropic-claude-source-code-leak)
- Cybernews, Anthropic inadvertently leaks source code for Claude Code CLI tool, March 31, 2026 (https://cybernews.com/security/anthropic-claude-code-source-leak/)