
Anthropic accidentally exposed the full source code of its AI tool Claude Code due to a packaging error. While no user data or core AI systems were affected, the leak revealed the tool's internal workings, raising concerns over security practices.
Anthropic, the San Francisco-based artificial intelligence (AI) company, inadvertently exposed the entire source code of Claude Code, its AI coding tool, on Tuesday (local time), NDTV reported.
The source code was exposed due to a basic packaging oversight that, according to security researchers, should never happen in a finished software product.
Security researcher Chaofan Shau on Tuesday found that Claude Code, the AI company's flagship command-line coding tool, exposed its full source code. The issue stemmed from a 60MB source map file (cli.js.map) bundled within its npm package, which made it possible to recreate the original TypeScript code from the compiled version, the report added.
The npm registry, where the file was hosted, is the largest public repository for software packages and is widely used by developers to distribute and access tools.
According to BlockBeats, the leak only affects part of the Claude Code tool itself and does not include user data or the AI's core systems, so it doesn't pose a direct risk to regular users. In simple terms, your personal information and chats are safe. However, because the full code is now visible, anyone can see how the tool is built, how it works behind the scenes, and how it handles things like usage tracking and security.
A source map is an additional file used in development that links a program's compressed, production-ready code back to its original, human-readable version. It helps developers debug and troubleshoot issues more efficiently. However, such files are not meant to be included in public releases, as they can effectively expose the entire underlying codebase.
According to BlockBeats, the latest version of Claude Code (v2.1.88), released on 31 March, still included this file. It reportedly contained the full code for 1,906 proprietary source files, detailing elements such as internal API structures, telemetry systems, encryption mechanisms, and inter-process communication protocols.
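The check below is an added example, not code from the report or from Anthropic: a pre-publish audit that flags source maps carrying original sources in the Source Map v3 `sourcesContent` field, which is what lets the original code be recreated from a compiled bundle. The `{ path, content }` input shape, the function names and the sample files are assumptions constructed for illustration.

```javascript
// Pre-publish audit: flag source maps that would ship original sources.
// `files` is a hypothetical [{ path, content }] list of files to be packed.
function auditSourceMap(path, text) {
  let root = null;
  try { root = JSON.parse(text); } catch { /* reported as unparseable below */ }
  if (root === null || typeof root !== "object") {
    return { path, risk: "unparseable", sources: 0, embedded: 0 };
  }
  // An index map nests ordinary maps under "sections"; otherwise audit the root.
  const maps = Array.isArray(root.sections)
    ? root.sections.map((s) => s && s.map).filter(Boolean)
    : [root];
  let sources = 0;
  let embedded = 0;
  for (const m of maps) {
    sources += Array.isArray(m.sources) ? m.sources.length : 0;
    // sourcesContent[i] is the full original text of sources[i]; null = omitted.
    const contents = Array.isArray(m.sourcesContent) ? m.sourcesContent : [];
    embedded += contents.filter((c) => typeof c === "string" && c.length > 0).length;
  }
  const risk = embedded > 0 ? "full-source" : sources > 0 ? "paths-only" : "none";
  return { path, risk, sources, embedded };
}

// Inline maps: //# sourceMappingURL=data:application/json;base64,<payload>
const INLINE_MAP = /[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;

function auditPackage(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      findings.push(auditSourceMap(path, content));
      continue;
    }
    const inline = INLINE_MAP.exec(content);
    if (inline) {
      const decoded = Buffer.from(inline[1], "base64").toString("utf8");
      findings.push(auditSourceMap(path + " (inline)", decoded));
    }
  }
  return findings;
}

// Constructed sample input, not taken from any real package.
const sampleFiles = [
  { path: "cli.js", content: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "cli.js.map", content: JSON.stringify({ version: 3, sources: ["../src/main.ts"], sourcesContent: ["export const x: number = 1;\n"], mappings: "AAAA" }) },
  { path: "lib.js.map", content: JSON.stringify({ version: 3, sources: ["../src/lib.ts"], mappings: "AAAA" }) },
];
console.log(auditPackage(sampleFiles));
```

A `full-source` finding means the map alone is enough to recover the listed files; `paths-only` still discloses the internal file layout.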