Anthropic Accidentally Leaks Full Source Code of Claude Code via npm Sourcemap Error
Anthropic exposed the entire source code of its AI coding assistant Claude Code through a misconfigured npm package containing a source map file.
Anthropic Leaks Claude Code Source Code in npm Packaging Mishap
March 31, 2026 — In a notable build configuration error, Anthropic has accidentally leaked the complete source code of Claude Code, its terminal-based AI coding agent, through the public npm registry.Security researcher Chaofan Shou first spotted and publicly disclosed the issue earlier today, noting that the official @anthropic-ai/claude-code npm package contained a .map source map file. These files, typically used only for development debugging, mapped back to the original unobfuscated TypeScript source, allowing anyone to reconstruct the full codebase.The exposure reportedly includes approximately 1,900–2,300 internal files totaling over 512,000 lines of code. This encompasses the tool’s React + Ink-based CLI architecture, multi-agent “swarm” logic, sub-agent systems, system prompts guiding its behavior, and references to experimental or unreleased features (such as advanced memory systems and interactive elements like “Buddy”).The leaked material was accessible via a direct link to a src.zip archive hosted on Anthropic’s own Cloudflare R2 storage bucket. Mirrors and archives quickly appeared on GitHub, with developers discussing and forking the content for analysis.Important Clarifications:
This is not a breach of the Claude AI model itself. No weights, training data, or core LLM parameters were exposed — only the client-side CLI tool that interacts with Anthropic’s APIs.
No user data or sensitive credentials appear to have been compromised. It stems from a classic developer oversight: failing to exclude source maps from a production npm publish.
Anthropic has already updated the package to remove the problematic file, but copies of the leaked code continue to circulate.
The incident highlights ongoing challenges in software supply chain hygiene, especially for high-profile AI tools. Claude Code, positioned as an agentic coding companion capable of autonomous task execution in the terminal, has seen rapid development throughout 2026, including features for computer use, PR automation, and enhanced context management.This marks another public exposure for Anthropic in recent weeks, following a separate leak of internal documents related to an unreleased model (internally referred to as Claude Mythos or “Capybara”).What It Means for Developers
For those building with or competing against Anthropic’s tools, the leak offers an unprecedented look inside a sophisticated agentic system. However, downloading or redistributing the code may raise copyright concerns, as Anthropic has pursued DMCA actions against similar reverse-engineering efforts in the past.
Instagram ne propose pas de partage web en un clic. Utilisez « Copier pour Instagram » ou « Copier le lien », puis collez dans Stories, Reels ou votre bio. Les aperçus de lien utilisent l’image de couverture de l’article (Open Graph).