Anthropic Leaked Claude Code Source Through NPM Packaging Error - Techiexpert.com
While the core AI model weights and user data remain safe, this is the second time Anthropic faced a packaging oversight in a year.
Security researcher Chaofan Shou reported that the latest version of Claude Code (v2.1.88) on the NPM registry contained an exposed source map file. According to the official report ,this 60MB file allowed anyone to reconstruct the original, human readable source code from the production version. This incident shared more than 1,900 files of Anthropic's proprietary logic with the entire world.
In software development, source maps are meant for debugging and should never be included in a public release. Anthropic allowed the developer community to archive the entire repository on GitHub, where it received thousands of good reviews in a few hours. This is an example of a packaging oversight, where a company moves so fast in the AI race that basic security protocols are missed. For developers using CLI tools, this shows how fragile the connection between a local machine and a cloud based AI service is.
The leaked code provides a look into the brain of an AI agent. It includes the hidden system prompts that controls Claude's behavior, the architecture for agentic functions, and unreleased internal APIs. The leak exposed the communication protocols between processes and the encryption tools used to secure the tool's operations. The exposure of these internal recipes allows companies to study Anthropic's methods for managing coding tasks and file system interactions while user data is not at risk.
It is the second leak for Anthropic in the last year. It suggests a weakness in the software release pipeline. The tools developers trust most can become the biggest failure if not managed with precision.
Read Next: CZ Warns About Supply Chain Attacks After Security Leak
The failure from this leak will be felt for months as hackers and researchers continue to analyze the logic behind Claude Code. It is a sign to strengthen CI/CD pipelines and ensure that metadata is stripped from every public package.