Security: Claude Code committed obfuscated eval() backdoor in tailwind.config.ts

Resolved 💬 2 comments Opened Apr 9, 2026 by Kenseco Closed May 23, 2026

Summary

During a Claude Code session on March 22, 2026, a malicious eval() payload was committed to tailwind.config.ts as part of a multi-file commit co-authored by Claude Opus 4.6. The payload was hidden after ~300 spaces at the end of a line, making it invisible in normal code review.

Details

  • Commit: 9b3790d ("Fix race condition, memory leak, null safety, and input validation")
  • File: packages/web/tailwind.config.ts
  • Change: The only modification to this file was replacing }; with }; + ~300 spaces + eval("global['_V']='5-209';"+atob('...'))
  • Payload signature: _V='5-209' — a known malware family targeting Node.js developers

What the payload does

The base64-decoded payload:

  1. Fetches encrypted commands from Tron blockchain API (api.trongrid.io)
  2. Falls back to Aptos blockchain API (fullnode.mainnet.aptoslabs.com)
  3. Decodes the command via BSC RPC (bsc-dataseed.binance.org)
  4. Executes the decoded code via eval() and spawns hidden child processes (detached: true, stdio: "ignore", windowsHide: true)

Possible causes

  1. A compromised npm package modified the file on disk via a postinstall script, and Claude Code then staged and committed it without detecting the obfuscated payload
  2. Poisoned training data caused Claude Code to generate the payload directly
  3. Prompt injection in the conversation context at the time

No package.json or package-lock.json changes were in the same commit, but there was an npm install a few commits earlier.

Suggestion

Claude Code should detect and refuse to commit:

  • eval() calls with atob() or base64-encoded strings
  • Lines with excessive trailing whitespace hiding code off-screen
  • Known malware signatures like blockchain-based C2 patterns

Environment

  • Model: Claude Opus 4.6 (1M context)
  • Platform: macOS (Darwin)
  • Date: March 22, 2026
  • Project: Private monorepo (Nuxt 3 + Node.js API)

The payload has been removed. Reporting for awareness and to help improve Claude Code safety checks.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗