Urgent: Claude-code File Deletion Bug Reported!

We've received a concerning report from a user experiencing a critical bug within Claude-code. This bug reportedly led to the unintended deletion of all files on their drive, raising serious questions about the application's file system interaction. This article aims to dissect the reported issue, analyze the technical details provided, and discuss the potential implications of such a bug. We will also delve into steps users can take to protect their data and what developers should prioritize in addressing this critical vulnerability.

Bug Report Overview

The user's report details a catastrophic scenario where Claude-code purportedly wiped their entire drive. The user expresses significant distress and demands a refund, highlighting the severity of the data loss. While the user's language is understandably emotional, the core issue—unintended file deletion—demands immediate attention and thorough investigation.

Key Details From the Report

• Platform: The issue occurred on a Windows (win32) platform.
• Version: The user was running version 2.0.53 of Claude-code.
• Error Logs: Several error messages were provided, indicating potential problems with shell processes, file access, and npm package installation. A RangeError related to stdout maxBuffer suggests issues with command output handling, while npm error EBUSY points to file locking problems during package updates. The error involving rg.exe (ripgrep) indicates potential issues with file searching operations.
• File Deletion: The user explicitly states that the application deleted everything on their drive, though the exact mechanism remains unclear from the provided information. This suggests a severe flaw in how the application interacts with the file system, potentially due to incorrect command execution or insufficient safeguards against accidental data loss.

Technical Analysis of Error Logs

The provided error logs offer crucial clues into the potential causes of this issue. Let's break down some key errors:

Shell Process Errors

Several errors indicate that shell processes were not running or could not be killed. These errors suggest issues with how Claude-code manages background processes and interacts with the operating system's shell. It's possible that faulty shell management could lead to unintended commands being executed on the file system.

[{"error":"Error: Shell 7dafae is not running, so cannot be killed (status: completed)
    at Object.call (file:///C:/Users/Admin/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/cli.js:2828:1830)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async Gh5 (file:///C:/Users/Admin/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/cli.js:2219:20784)","timestamp":"2025-11-26T07:11:26.198Z"},

npm Installation Errors

The npm error EBUSY suggests that a file was locked during the installation or update process. This could be due to another process using the file, or potentially an issue within the application's file handling mechanisms. This specific error can sometimes occur when the application attempts to modify files that are currently in use or locked by the operating system.

{"error":"K51: Failed to install new version of claude:  npm error code EBUSY
npm error syscall copyfile
npm error path C:\\Users\\Admin\\AppData\\Roaming\\npm\\node_modules\\@anthropic-ai\\claude-code\\node_modules\\@img\\sharp-win32-x64\\lib\\libvips-42.dll
npm error dest C:\\Users\\Admin\\AppData\\Roaming\\npm\\node_modules\\@anthropic-ai\\.claude-code-mEIP8Bfk\\node_modules\\@img\\sharp-win32-x64\\lib\\libvips-42.dll
npm error errno -4082
npm error EBUSY: resource busy or locked, copyfile 'C:\\Users\\Admin\\AppData\\Roaming\\npm\\node_modules\\@anthropic-ai\\claude-code\\node_modules\\@img\\sharp-win32-x64\\lib\\libvips-42.dll' -> 'C:\\Users\\Admin\\AppData\\Roaming\\npm\\node_modules\\@anthropic-ai\\.claude-code-mEIP8Bfk\\node_modules\\@img\\sharp-win32-x64\\lib\\libvips-42.dll'
npm error A complete log of this run can be found in: C:\\Users\\Admin\\AppData\\Local\\npm-cache\\_logs\\2025-11-26T07_47_20_479Z-debug-0.log
    at FRA (file:///C:/Users/Admin/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/cli.js:2709:457)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async file:///C:/Users/Admin/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/cli.js:2711:9753","timestamp":"2025-11-26T07:47:21.498Z"},

Ripgrep Errors

The errors related to rg.exe (ripgrep) indicate potential problems with file searching operations. Ripgrep is a tool commonly used for quickly searching through files, and these errors suggest that the application may be encountering issues with file access permissions or incorrect file paths. In this specific case, the error message "Incorrect function. (os error 1)" when trying to access nul files within certain directories could point to a misconfigured search or an attempt to operate on invalid file paths. It's essential to examine the context in which ripgrep is being used to determine if this error could contribute to unintended file operations.

{"error":"Error: Command failed: C:\\Users\\Admin\\AppData\\Roaming\\npm\\node_modules\\@anthropic-ai\\claude-code\\vendor\\ripgrep\\x64-win32\\rg.exe --hidden --glob !.git --glob !.svn --glob !.hg --glob !.bzr --max-columns 500 -i -n reportNumberOfDTC|0x19.*0x01|NumberOfDTC C:\\Users\\Admin\\Desktop\\ALLFORD\nrg: C:\\Users\\Admin\\Desktop\\ALLFORD\\nul: Incorrect function. (os error 1)
rg: C:\\Users\\Admin\\Desktop\\ALLFORD\\FDRS\\nul: Incorrect function. (os error 1)
rg: C:\\Users\\Admin\\Desktop\\ALLFORD\\IDS\\nul: Incorrect function. (os error 1)

    at genericNodeError (node:internal/errors:983:15)
    at wrappedFn (node:internal/errors:537:14)
    at ChildProcess.exithandler (node:child_process:417:12)
    at ChildProcess.emit (node:events:519:28)
    at ChildProcess.emit (node:domain:489:12)
    at maybeClose (node:internal/child_process:1101:16)
    at Soc

Potential Causes of File Deletion

Based on the error logs and the user's report, several potential causes for the unintended file deletion emerge:

1. Faulty Shell Command Execution: The errors related to shell processes suggest that the application might be executing commands incorrectly or without proper safeguards. A malformed command could potentially lead to the deletion of files if it inadvertently targets the wrong directories.
2. File System Permission Issues: The npm error EBUSY and ripgrep errors could indicate that the application is encountering issues with file permissions. If the application lacks the necessary permissions or attempts to access files that are locked, it could lead to unexpected behavior, including file deletion.
3. Bug in File Handling Logic: A core bug in the application's file handling logic could be responsible for the unintended deletion. This could involve errors in path manipulation, recursive directory operations, or incorrect use of file system APIs.
4. Overly Aggressive Cleanup Routines: It's conceivable that Claude-code has cleanup routines designed to remove temporary files or cache data, but a bug in these routines could lead to the deletion of important files. These routines might have logical errors or be triggered under unintended conditions.
5. Malicious Code (Less Likely): While less probable, the possibility of malicious code cannot be entirely ruled out. A compromised application or a malicious library could potentially cause file deletion. However, given the error logs, it's more likely that a coding error or misconfiguration is the primary cause.

Steps for Users to Protect Their Data

In light of this serious bug report, users of Claude-code should take immediate steps to protect their data:

• Back Up Your Data: The most critical step is to back up all important data immediately. This could involve copying files to an external drive, cloud storage, or another secure location. Regular backups are essential for protecting against data loss in any scenario.
• Disable or Uninstall Claude-code: To prevent further potential data loss, consider disabling or uninstalling Claude-code until the issue is resolved. This will eliminate the risk of the application inadvertently deleting files.
• Monitor File System Activity: Keep a close eye on your file system activity. If you notice any unexpected file modifications or deletions, take immediate action to investigate and recover your data.
• Report the Issue: If you encounter this bug, report it to the Claude-code developers with as much detail as possible. Include error logs, steps to reproduce the issue, and any other relevant information. Detailed reports help developers diagnose and fix bugs more effectively.
• Use File Recovery Tools: In the event of data loss, file recovery tools may be able to recover deleted files. These tools scan your storage devices for traces of deleted files and attempt to restore them. However, the success of file recovery depends on various factors, such as how long ago the files were deleted and whether the storage space has been overwritten.

Recommendations for Developers

For the developers of Claude-code, this bug report should trigger an immediate and comprehensive response. Here are some recommendations:

1. Acknowledge and Prioritize the Issue: Publicly acknowledge the bug report and assure users that the issue is being given the highest priority. Prompt communication helps build trust and confidence in your response.
2. Thoroughly Investigate the Root Cause: Conduct a detailed investigation to identify the exact cause of the file deletion bug. This should involve analyzing the code, error logs, and user reports. Use debugging tools and code reviews to pinpoint the source of the problem.
3. Implement File System Safeguards: Implement robust safeguards to prevent accidental file deletion. This could include adding confirmation prompts before deleting files, using secure file deletion APIs, and implementing thorough error handling for file system operations. Sandboxing the application's file system access could also prevent it from inadvertently modifying system-critical files.
4. Review Shell Command Execution: Carefully review the application's shell command execution logic. Ensure that commands are properly sanitized and validated before execution. Implement safeguards to prevent the execution of arbitrary commands that could harm the file system.
5. Improve Error Handling and Logging: Enhance error handling and logging to provide more detailed information about potential issues. This will help in diagnosing and fixing bugs more efficiently in the future. Include detailed error messages, stack traces, and context information in the logs.
6. Conduct Extensive Testing: Perform extensive testing, including unit tests, integration tests, and user acceptance testing, to ensure that the bug is fully resolved and that no new issues are introduced. Testing should cover various scenarios, including edge cases and unexpected inputs.
7. Communicate Transparently with Users: Keep users informed about the progress of the investigation and the steps being taken to resolve the issue. Provide regular updates and estimated timelines for the fix. Transparency helps maintain user trust and demonstrates a commitment to resolving the problem.
8. Consider a Bug Bounty Program: To encourage external researchers to identify and report potential vulnerabilities, consider implementing a bug bounty program. This can help uncover security flaws and bugs that might otherwise go unnoticed.

Conclusion

The reported file deletion bug in Claude-code is a serious issue that demands immediate attention. The potential for data loss is significant, and users must take steps to protect their files. Developers must prioritize investigating and fixing this bug, implementing safeguards to prevent future occurrences, and communicating transparently with users. By addressing this issue promptly and effectively, the developers can restore user trust and ensure the integrity of the application. Data loss can be a stressful experience, and taking preventive measures is the best way to mitigate such risks. This incident underscores the critical importance of robust testing, thorough error handling, and secure file system interactions in software development.

For additional information on data backup strategies, visit reputable websites such as https://www.us-cert.gov/ for guidance and best practices.