[BUG] autoUpdatesProtectedForNative overrides autoUpdates:false on npm (global) installation

Resolved 💬 3 comments Opened Feb 9, 2026 by Christiaan-Soops Closed Feb 13, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code auto-updated from 2.1.19 to 2.1.37 over a weekend despite autoUpdates being explicitly set to false. The autoUpdatesChannel was set to "stable" (currently 2.1.25), but the
update went to 2.1.37 (the latest tag), ignoring both settings.

Configuration

~/.claude.json (relevant fields):
{
"installMethod": "global",
"autoUpdates": false,
"lastReleaseNotesSeen": "2.1.19",
"autoUpdatesProtectedForNative": true
}

~/.claude/settings.json:
{
"autoUpdatesChannel": "stable"
}

What happened

  • Installed via npm (installMethod: "global")
  • Explicitly disabled auto-updates (autoUpdates: false)
  • Set channel to stable (autoUpdatesChannel: "stable")
  • Was on version 2.1.19 on Friday
  • On Monday, Claude Code had silently updated to 2.1.37

Root cause (suspected)

The autoUpdatesProtectedForNative: true flag appears to override autoUpdates: false, even though the installation method is "global" (npm), not native. Additionally, the update went to
latest (2.1.37) instead of stable (2.1.25), ignoring the autoUpdatesChannel setting.

Three settings violated

  1. autoUpdates: false — update happened anyway
  2. autoUpdatesChannel: "stable" — stable is 2.1.25, but updated to 2.1.37 (latest)
  3. installMethod: "global" — the autoUpdatesProtectedForNative flag should not apply to npm installations

Impact

Version 2.1.30+ introduced a Windows regression where keyboard input is not accepted after startup (related: #22969). The unwanted auto-update broke the user's workflow, requiring manual
downgrade.

Environment

  • OS: Windows 11
  • Terminal: Windows Terminal
  • Install method: npm install -g @anthropic-ai/claude-code
  • Previous version: 2.1.19
  • Updated to: 2.1.37
  • Current stable tag: 2.1.25

What Should Happen?

With autoUpdates: false, Claude Code should never auto-update. If auto-updates were enabled, it should respect autoUpdatesChannel: "stable" and only update to the stable-tagged version.

Error Messages/Logs

Steps to Reproduce

  1. Have Claude Code installed via npm at version 2.1.19:

npm install -g @anthropic-ai/claude-code@2.1.19

  1. Run claude install (to set up shell integration/hooks). This silently:
  • Updates Claude Code to the latest version (2.1.37)
  • Sets autoUpdatesProtectedForNative: true in ~/.claude.json
  1. Notice the unwanted upgrade. Downgrade back to 2.1.19:

npm install -g @anthropic-ai/claude-code@2.1.19

  1. Explicitly disable auto-updates in ~/.claude.json:

"autoUpdates": false

  1. Set channel to stable in ~/.claude/settings.json:

"autoUpdatesChannel": "stable"

  1. Verify version:

claude --version
# Output: 2.1.19

  1. Close Claude Code and wait (in my case, over a weekend)
  2. Open Claude Code again and check version:

claude --version
# Expected: 2.1.19
# Actual: 2.1.37

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.37

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗