Claude Code follows up with 2.1.160 — and this time the update centers on a spot that’s easy to overlook as a user: files that run automatically when your shell starts. That’s exactly where a single smuggled-in command can quietly take up residence.
A Prompt Before Writing to Startup Files
The new behavior: Claude Code now asks before writing to shell startup files like .zshenv, .zlogin, or .bash_login, as well as ~/.config/git/. The reason is simple — those files load automatically every time you open a new terminal. Anyone who writes to them can get commands to run unnoticed, long after the actual session is over. Instead of letting that happen silently, Claude Code now stops and asks.
acceptEdits Mode Gets More Careful Too
The same idea shows up in acceptEdits mode, where edits normally go through without a prompt. From now on, Claude Code asks here as well before writing build-tool configs that can execute code: .npmrc, .yarnrc*, bunfig.toml, .bazelrc, .pre-commit-config.yaml, .devcontainer/, and the like. These are the unassuming files that can suddenly make a project run someone else’s code on the next install or commit hook. Good to see a brake added right there.
The Bug Fixes Around It
Beyond the security angle, there are solid day-to-day improvements. An Edit no longer requires a separate Read if you viewed a file with grep first — a single-file grep/egrep/fgrep now satisfies the read-before-edit check. Also fixed: claude update was installing the latest version instead of the version from your configured release channel on npm installs. And the multi-gigabyte memory spike when resuming a session by transcript file path — especially on machines with many stored sessions — got fixed too.
On top of that come the usual smaller corrections to the daemon, terminal rendering, MCP tools, and the UI. None of it is spectacular, but together it’s exactly what makes a tool dependable.
I like the direction: Claude Code isn’t getting louder, it’s getting more thoughtful. The startup-file prompt in particular is one of those details you only appreciate once you realize how quietly damage could be done in precisely that spot.
Sources: GitHub: Claude Code Releases, Claude Code Changelog