@anthropic-ai/claude-code
Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Anthropic org package with strong publisher track record; maintainer rotation is expected at this scale. | ai | |
| source-diff | encoded-string-file:cli.js | AI (source-diff): cli.js is a minified bundle; 'encoded strings' are inline shell scripts for terminal/environment detection, standard for this CLI tool. Stable FP. | ai | |
| npm-metadata | bundled-binaries | AI (npm-metadata): Bundled ripgrep and audio-capture binaries are expected for this cross-platform CLI tool; stable across versions. | ai | |
| provenance | no-provenance | AI (provenance): Published under verified @anthropic-ai scope with consistent publisher; lack of Sigstore provenance is not a risk signal here. | ai | |
| license | uncommon-license:SEE LICENSE IN README.md | AI (license): Commercial product with custom license terms referenced in README; standard for Anthropic's products. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Official Anthropic CLI package with 387 versions and strong publisher track record; dormancy gaps are expected for a commercial product with irregular release cadence. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process/spawnSync is used to invoke the platform-specific Claude binary with stdio:inherit — expected behavior for a CLI wrapper package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): cli-wrapper.cjs spreads process.env to pass user environment to the spawned CLI binary — required for a transparent CLI wrapper, not exfiltration. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs node install.cjs to select the correct platform-specific binary from optional dependencies — standard native binary distribution pattern for this package. | ai | |
Versions (showing 51 of 60)
| Version | Deps | Published |
|---|---|---|
| 2.1.163 | 0 / 0 | |
| 2.1.161 | 0 / 0 | |
| 2.1.160 | 0 / 0 | |
| 2.1.157 | 0 / 0 | |
| 2.1.149 | 0 / 0 | |
| 2.1.148 | 0 / 0 | |
| 2.1.146 | 0 / 0 | |
| 2.1.145 | 0 / 0 | |
| 2.1.144 | 0 / 0 | |
| 2.1.143 | 0 / 0 | |
| 2.1.142 | 0 / 0 | |
| 2.1.141 | 0 / 0 | |
| 2.1.140 | 0 / 0 | |
| 2.1.139 | 0 / 0 | |
| 2.1.137 | 0 / 0 | |
| 2.1.136 | 0 / 0 | |
| 2.1.133 | 0 / 0 | |
| 2.1.132 | 0 / 0 | |
| 2.1.131 | 0 / 0 | |
| 2.1.128 | 0 / 0 | |
| 2.1.126 | 0 / 0 | |
| 2.1.124 | 0 / 0 | |
| 2.1.123 | 0 / 0 | |
| 2.1.120 | 0 / 0 | |
| 2.1.119 | 0 / 0 | |
| 2.1.118 | 0 / 0 | |
| 2.1.117 | 0 / 0 | |
| 2.1.116 | 0 / 0 | |
| 2.1.114 | 0 / 0 | |
| 2.1.113 | 0 / 0 | |
| 2.1.112 | 0 / 0 | |
| 2.1.111 | 0 / 0 | |
| 2.1.110 | 0 / 0 | |
| 2.1.109 | 0 / 0 | |
| 2.1.108 | 0 / 0 | |
| 2.1.107 | 0 / 0 | |
| 2.1.105 | 0 / 0 | |
| 2.1.104 | 0 / 0 | |
| 2.1.101 | 0 / 0 | |
| 2.1.100 | 0 / 0 | |
| 2.1.98 | 0 / 0 | |
| 2.1.97 | 0 / 0 | |
| 2.1.96 | 0 / 0 | |
| 2.1.94 | 0 / 0 | |
| 2.1.92 | 0 / 0 | |
| 2.1.91 | 0 / 0 | |
| 2.1.90 | 0 / 0 | |
| 2.1.89 | 0 / 0 | |
| 2.1.87 | 0 / 0 | |
| 2.1.86 | 0 / 0 | |
| 2.1.85 | 0 / 0 | |
v2.1.163
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.161
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.160
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.157
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.149
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.148
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.146
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.145
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.144
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.143
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.142
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.141
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.140
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.139
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.137
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.136
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.133
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.132
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.131
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.128
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.126
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.124
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.120
1 finding: Package was published without Sigstore provenance. Consider requesting that the maintainer enable provenance via CI/CD.
v2.1.119
3 findings:
Script: node install.cjs
Spreading entire process.env into an object — may capture all secrets (flagged line marked with `>`):
```
105 | const result = spawnSync(binaryPath, process.argv.slice(2), {
106 |   stdio: 'inherit',
> 107 |   env: { ...process.env, CLAUDE_CODE_INSTALLED_VIA_NPM_WRAPPER: '1' },
108 | })
109 | if (result.error) {
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.118
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.117
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.116
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.114
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.113
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.112
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.111
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.110
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.109
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.108
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.107
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.105
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.104
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.101
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.100
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.98
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.97
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.96
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.94
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.92
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/seccomp/arm64/apply-seccomp • vendor/seccomp/x64/apply-seccomp • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node ... and 4 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.91
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.90
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.89
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.87
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.86
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.85
2 findings:
Package contains compiled binaries that could be backdoors: • vendor/ripgrep/arm64-darwin/rg • vendor/ripgrep/arm64-linux/rg • vendor/ripgrep/x64-darwin/rg • vendor/ripgrep/x64-linux/rg • vendor/ripgrep/arm64-win32/rg.exe • vendor/ripgrep/x64-win32/rg.exe • vendor/audio-capture/arm64-darwin/audio-capture.node • vendor/audio-capture/arm64-linux/audio-capture.node • vendor/audio-capture/arm64-win32/audio-capture.node • vendor/audio-capture/x64-darwin/audio-capture.node ... and 2 more
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.