
Anthropic's proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked file referencing the unobfuscated codebase stored on Anthropic's own cloud infrastructure.
On March 31, 2026, researcher Chaofan Shou made the disclosure public, posting: "Claude code source code has been leaked via a map file in their npm registry!"
The published npm package reportedly contained a source map () file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic's own R2 cloud storage bucket.
The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch .
What Was Exposed
The leaked codebase represents the entirety of Claude Code's directory, approximately 1,900 files and over 512,000 lines of code written in strict TypeScript, using the Bun runtime and a React + Ink terminal UI framework. The disclosure is substantial in scope, touching every critical subsystem of the CLI tool.
Key files confirmed in the leak include (~46,000 lines), which drives the core LLM API engine, including streaming, tool loops, and token tracking; (~29,000 lines), defining all agent tool types and permission schemas; and (~25,000 lines), which registers and executes the tool's slash commands.
The exposed architecture details approximately 40 agent tools, including , , , and for sub-agent spawning as well as roughly 85 slash commands spanning Git workflows, code review, memory management, and multi-agent orchestration.
The leak also reveals internal feature flags such as , , , and , indicating product features not yet publicly released.
How Source Maps Cause Leaks
Source map files () are standard developer tools designed to map compiled or minified JavaScript back to its original source for debugging purposes.
When inadvertently bundled into production npm releases, however, they expose proprietary source code to anyone who knows where to look, effectively bypassing obfuscation entirely. This is not the first time such an error has affected Anthropic; a similar source map exposure was reportedly patched in early 2025.
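A pre-publish check for this failure mode, as an added example that is not code from this article or from Anthropic: it flags shipped source maps, distinguishing maps that embed the original source, maps that point at remotely hosted source, and bundles that reference a map. The names `auditFiles`, `readTree` and `SAMPLE` are hypothetical, and the sample package contents are constructed.

```javascript
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=([^\s*]+)/;

// files: object mapping relative path -> file contents (string).
function auditFiles(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    if (file.endsWith('.map')) {
      let map;
      try { map = JSON.parse(text); } catch { findings.push({ file, issue: 'map-unparseable' }); continue; }
      const sources = Array.isArray(map.sources) ? map.sources : [];
      // sourcesContent carries the original source text inside the map itself.
      const embedded = Array.isArray(map.sourcesContent) &&
        map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      const remote = [map.sourceRoot, ...sources].some((s) => /^https?:\/\//i.test(String(s || '')));
      const issue = embedded ? 'map-embeds-source'
        : remote ? 'map-points-to-remote-source' : 'map-lists-source-paths';
      findings.push({ file, issue, sources: sources.length });
    } else if (/\.[cm]?js$/.test(file)) {
      const m = MAP_COMMENT.exec(text);
      if (!m) continue;
      const inline = m[1].startsWith('data:'); // map embedded in the bundle as a data: URI
      findings.push({ file, issue: inline ? 'inline-map' : 'map-reference',
        target: inline ? 'data: URI' : m[1] });
    }
  }
  return findings;
}

// Optional loader for a real directory (CommonJS Node), e.g. an unpacked tarball.
function readTree(dir, base = dir, out = {}) {
  const fs = require('fs'), path = require('path');
  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
    const p = path.join(dir, e.name);
    if (e.isDirectory()) readTree(p, base, out);
    else if (/\.(map|[cm]?js)$/.test(e.name)) out[path.relative(base, p)] = fs.readFileSync(p, 'utf8');
  }
  return out;
}

// Constructed sample input, not taken from any real package.
const SAMPLE = {
  'dist/cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': JSON.stringify({ version: 3, file: 'cli.js',
    sources: ['../src/cli.ts'], sourcesContent: ['export const x = 1;'], mappings: 'AAAA' }),
  'dist/remote.js.map': JSON.stringify({ version: 3,
    sourceRoot: 'https://cdn.example.invalid/src/', sources: ['a.ts'], mappings: '' }),
  'dist/util.js': 'module.exports = {};\n',
};
console.log(auditFiles(SAMPLE));
```

To check a real package, pass `auditFiles` the result of `readTree()` on the directory of an unpacked `npm pack` tarball and fail the release job when any finding is returned.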
The breach raises serious intellectual property concerns for Anthropic, as the exposed code covers internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination, and even undisclosed feature pipelines. At the time of writing, Anthropic has not issued a public statement regarding the incident.
Organizations integrating Claude Code into their development workflows should monitor Anthropic's official security advisories. Developers are urged to review the official npm registry for patched releases and avoid third-party mirrors of the leaked source.
Note: This article is based on publicly available disclosures. Cybersecurity News does not host or distribute the leaked source code.