Key Takeaways:
Anthropic leaked the source code for its Claude Code CLI tool through an unobfuscated source map file in the latest NPM package.
The leak contained more than 512,000 lines of TypeScript code and shows internal system prompts, secret APIs, and the core logic of Anthropic's agentic architecture.
While the core AI model weights and user data remain safe, this is the second time Anthropic has faced a packaging oversight in a year.
Security researcher Chaofan Shou reported that the latest version of Claude Code (v2.1.88) on the NPM registry contained an exposed source map file. According to the official report, this 60MB file allowed anyone to reconstruct the original, human-readable source code from the production version. This incident exposed more than 1,900 files of Anthropic’s proprietary logic to the entire world.
Claude code source code has been leaked via a map file in their npm registry!
Code: https://t.co/jBiMoOzt8G pic.twitter.com/rYo5hbvEj8
— Chaofan Shou (@Fried_rice) March 31, 2026
The Anatomy of a Source Map Failure
In software development, source maps are meant for debugging and should never be included in a public release. By shipping one, Anthropic allowed the developer community to archive the entire repository on GitHub, where it received thousands of good reviews in a few hours. This is an example of a packaging oversight, where a company moves so fast in the AI race that basic security protocols are missed. For developers using CLI tools, this shows how fragile the connection between a local machine and a cloud-based AI service is.
What Was Exposed in the 500,000 Lines
The leaked code provides a look into the brain of an AI agent. It includes the hidden system prompts that control Claude’s behavior, the architecture for agentic functions, and unreleased internal APIs. The leak also exposed the communication protocols between processes and the encryption tools used to secure the tool’s operations. User data is not at risk, but the exposure of these internal recipes allows companies to study Anthropic’s methods for managing coding tasks and file system interactions.
It is the second leak for Anthropic in the last year. It suggests a weakness in the software release pipeline. The tools developers trust most can become the biggest failure if not managed with precision.
Lessons for the AI Developer Community
The failure from this leak will be felt for months as hackers and researchers continue to analyze the logic behind Claude Code. It is a sign to strengthen CI/CD pipelines and ensure that metadata is stripped from every public package.
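One way to enforce this in a release pipeline, shown as an added example (not Anthropic's code or tooling): a check over the files about to be published that flags `.map` files, counts the original sources embedded in their `sourcesContent` field, and flags `sourceMappingURL` comments left in shipped JavaScript. The package contents and the names `auditPackageFiles`, `gate` and `example-cli` are constructed for illustration.

```javascript
// Added example: pre-publish gate that flags source-map exposure.
// `files` maps package-relative path -> file contents (string).
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/;

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      let embedded = 0;
      try {
        const map = JSON.parse(text);
        // sourcesContent carries the original files verbatim; this is what makes reconstruction trivial.
        embedded = (map.sourcesContent || []).filter((s) => typeof s === "string").length;
      } catch (_) { /* not valid JSON: still report the .map file itself */ }
      findings.push({ path, issue: "map-file", embeddedSources: embedded });
      continue;
    }
    if (!/\.(c|m)?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(text);
    if (!m) continue;
    const inline = m[1].startsWith("data:"); // map embedded in the bundle as a data: URI
    findings.push({ path, issue: inline ? "inline-map" : "map-reference", target: inline ? "data: URI" : m[1] });
  }
  return findings;
}

// Constructed sample of a package's publishable files (not real package contents).
const samplePackage = {
  "package.json": '{"name":"example-cli","version":"0.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({
    version: 3, file: "cli.js", sources: ["../src/main.ts", "../src/prompts.ts"],
    sourcesContent: ["export const main = () => {};", "export const SYSTEM = 'internal';"],
    mappings: "AAAA",
  }),
  "lib/util.js": "module.exports = {};\n",
};

// A pipeline step would fail the release whenever ok is false.
function gate(files) {
  const findings = auditPackageFiles(files);
  return { ok: findings.length === 0, findings };
}

console.log(JSON.stringify(gate(samplePackage), null, 2));
```

In a real pipeline the `files` object would be built from the unpacked tarball that the publish step is about to upload, so the check sees exactly what consumers would download.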