
Anthropic disclosed that parts of Claude Code's source code were exposed, and it characterized the incident as a release packaging problem rather than a security breach.
Multiple reports describe how the leak was discovered after Claude Code updates shipped. In particular, users found a package containing a source map file with material from the TypeScript codebase, and investigators and observers later said the full contents of the Claude Code CLI source repository were exposed through an npm misconfiguration. The leak appears to have been tied to how the software was built and published, not to an external attacker breaking in.
Anthropic's response emphasized that the issue was caused by human error and that it was not the result of a compromised system. That matters because it changes the remediation focus: instead of widening defensive posture against intrusion, Anthropic needed to correct the release pipeline and publishing process, remove the exposed artifacts, and ensure future builds don't ship source maps or other development-only files.
For developers and users, the event is a reminder that "agentic" AI tooling can leak more than model weights -- build artifacts, internal architectures, and implementation details can be unintentionally included when distributing software.
The broader significance is how quickly source exposures can propagate. Once an artifact is downloadable from a package registry, it can spread through mirrors, caching, and downstream tooling, making cleanup and verification urgent.
Even with Anthropic's clarification, the key takeaway remains clear: the leak was triggered by what ended up in a production release, underscoring that secure software supply chains require careful packaging controls, not just perimeter security.
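
One form such a packaging control could take, as an added example that is not Anthropic's code and not part of the original article: a pre-publish check that scans the files about to be shipped for source maps, references to them, and inline maps that embed original source. The function names, finding labels and sample package contents are assumptions constructed for illustration.

```javascript
// Added example: audit a package's file set for source-map exposure before publishing.
// `files` is a Map of path -> text content, i.e. what the packed tarball would contain.

// True when a source map (JSON text) carries the original source code itself.
function embedsSources(mapText) {
  try {
    const sc = JSON.parse(mapText).sourcesContent;
    return Array.isArray(sc) && sc.some((s) => typeof s === "string" && s.length > 0);
  } catch {
    return false; // unparsable; the caller still reports the .map file
  }
}

function auditPackageFiles(files) {
  const findings = [];
  const refRe = /\/\/[#@]\s*sourceMappingURL=(\S+)/;
  for (const [path, content] of files) {
    if (path.endsWith(".map")) {
      const kind = embedsSources(content) ? "map-with-sources" : "map-file";
      findings.push({ path, kind });
      continue;
    }
    if (!/\.(js|mjs|cjs)$/.test(path)) continue;
    const ref = refRe.exec(content);
    if (!ref) continue;
    const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(ref[1]);
    if (inline) {
      const decoded = Buffer.from(inline[1], "base64").toString("utf8");
      const kind = embedsSources(decoded) ? "inline-map-with-sources" : "inline-map";
      findings.push({ path, kind });
    } else {
      findings.push({ path, kind: "external-map-reference", target: ref[1] });
    }
  }
  return findings;
}

// Constructed sample package contents (not taken from any real release).
const sampleMap = JSON.stringify({ version: 3, sources: ["../src/cli.ts"],
  sourcesContent: ["export const main = () => {};"], mappings: "AAAA" });
const samplePackage = new Map([
  ["package.json", '{"name":"example-cli","version":"1.0.0"}'],
  ["dist/cli.js", "main();\n//# sourceMappingURL=cli.js.map\n"],
  ["dist/cli.js.map", sampleMap],
  ["dist/inline.js", "main();\n//# sourceMappingURL=data:application/json;base64," +
    Buffer.from(sampleMap).toString("base64") + "\n"],
  ["dist/clean.js", "module.exports = 1;\n"],
]);
const sampleFindings = auditPackageFiles(samplePackage);
```

In a release pipeline the Map would be filled from the actual packed file list, and any non-empty result would fail the publish step.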