Anthropic’s Claude Code source code was exposed through an npm packaging mistake
Anthropic accidentally exposed a large portion of the source code behind its Claude Code CLI after a public npm package shipped with a source map that pointed back to internal TypeScript files. Anthropic has since confirmed the incident and said it was caused by human error in the release process, not by a hack into customer systems.
The exposure involved Claude Code itself rather than Anthropic’s underlying Claude model weights or customer data. Anthropic told multiple outlets that no sensitive customer information or credentials were compromised, but the leak still gave the public an unusually detailed look inside one of the company’s most important developer tools.
The issue came to light on March 31 after researcher Chaofan Shou posted that Claude Code’s source had been exposed through a map file in Anthropic’s npm registry. Copies of the code spread quickly through public repositories before Anthropic could fully contain the fallout.
What was exposed
Reports say the leak exposed more than 512,000 lines of Claude Code source, largely written in TypeScript. The codebase revealed internal implementation details, terminal UI components, agent logic, permission systems, and references to unreleased or experimental features that were not meant for public release.
Among the features people quickly spotted were references to a Tamagotchi-style companion system and a feature called Kairos, which appeared to point to a more persistent or always-on agent mode. Those discoveries helped drive the story far beyond a normal packaging mistake because they exposed Anthropic’s product roadmap as well as its engineering choices.
Public mirrors of the exposed code appeared on GitHub within hours. One repository tied to the backup spread rapidly and drew thousands of forks, which made the leak hard to contain even after Anthropic patched the original source of the exposure.
How the leak happened
The problem appears to have come from a source map file included in a public release of the @anthropic-ai/claude-code package. Source maps help developers debug production builds by mapping compiled JavaScript back to the original source, but they can also reveal private code if they are shipped carelessly.
In this case, the map file pointed to original Claude Code sources stored on Anthropic-controlled infrastructure. That meant anyone who found the map could trace the package back to the unobfuscated code and download it.
Anthropic later described the incident as a packaging or release mistake rather than a security breach. That distinction matters because the company says outsiders did not break into its systems to steal the code. The code became exposed because Anthropic shipped a release artifact that should not have been public.
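A release check for the failure described above, as an added example that is not Anthropic's code or tooling: it audits the files about to be published for shipped source maps and reports whether each map embeds original source or points at a remote location. It goes slightly beyond the reported case by also flagging embedded sourcesContent. The function name, sample file names, and example URL are assumptions made for illustration.

```javascript
// Added example (not Anthropic's tooling): audit the files that would be published.
// `files` maps package-relative paths to their text contents.
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/;

function auditPackageFiles(files) {
  const findings = [];
  const add = (path, issue, detail = "") => findings.push({ path, issue, detail });
  for (const [path, text] of Object.entries(files)) {
    if (/\.[cm]?js$/.test(path)) {
      // A trailing comment tells debuggers (and anyone else) where the map lives.
      const m = MAP_COMMENT.exec(text);
      if (m) add(path, "sourceMappingURL comment", m[1]);
      continue;
    }
    if (!path.endsWith(".map")) continue;
    add(path, "source map shipped");
    let map;
    try { map = JSON.parse(text); } catch { map = null; }
    if (!map || typeof map !== "object") {
      add(path, "unparseable source map");
      continue;
    }
    const sources = Array.isArray(map.sources) ? map.sources : [];
    const root = typeof map.sourceRoot === "string" ? map.sourceRoot : "";
    // Case 1: original source text is embedded in the map itself.
    const content = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
    const embedded = content.filter((s) => typeof s === "string" && s.length > 0);
    if (embedded.length) add(path, "embedded sourcesContent", `${embedded.length} file(s)`);
    // Case 2: a source entry resolves to a remote location that can be fetched.
    for (const s of sources) {
      if (typeof s !== "string") continue;
      const resolved = /^https?:\/\//i.test(s) ? s : root + s;
      if (/^https?:\/\//i.test(resolved)) add(path, "remote source reference", resolved);
    }
  }
  return findings;
}

// Constructed sample package; the names and the URL are placeholders.
const samplePackage = {
  "package.json": '{"name":"example-cli","version":"0.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({
    version: 3, file: "cli.js", mappings: "",
    sources: ["https://build.example.invalid/src/main.ts", "../src/util.ts"],
    sourcesContent: [null, "export const x = 1;"],
  }),
};
for (const f of auditPackageFiles(samplePackage)) console.log(`${f.path}: ${f.issue} ${f.detail}`);
```

In a release pipeline the input would be the file list reported by `npm pack --dry-run`, and any finding would fail the publish step.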
Why this matters
For Anthropic, the biggest damage is likely strategic rather than operational. Competitors and independent developers now have a rare look at how Claude Code is structured, how it handles permissions and tool use, and how Anthropic is thinking about future features.
That does not mean rivals can clone the whole product overnight. A leaked application codebase is valuable, but it does not automatically expose the entire backend stack, proprietary infrastructure, or model internals needed to reproduce a commercial AI coding assistant at full scale.
Even so, the leak is embarrassing for a company that presents itself as safety-focused and security-conscious. It also appears to be the second Claude Code source exposure in a little over a year, which raises fresh questions about Anthropic’s release controls and operational discipline.
| Key point | What is confirmed |
|---|---|
| What leaked | A large portion of Claude Code source |
| How it leaked | Public package shipped with a source map that exposed original source paths |
| Was it a hack into customer systems? | Anthropic says no |
| Customer data exposed | Anthropic says no sensitive customer data or credentials were compromised |
| Main impact | Internal product code and unreleased feature details became public |
- The leak involved Claude Code, not Anthropic’s foundation model weights
- Anthropic says the cause was human error in the release process
- Public mirrors spread rapidly after the exposure became known
- The source revealed internal tooling details and feature flags
- The incident created reputational and competitive risks more than direct customer-data fallout
FAQ
A large portion of Claude Code’s internal source code leaked after a public npm release exposed a source map that pointed back to the original TypeScript files.
Anthropic says this was not a traditional breach. The company described it as human error in the software release process.
Anthropic said no sensitive customer data or credentials were compromised in the incident.
The leak revealed Claude Code’s internal structure, agent tools, permission logic, UI components, and references to unreleased features such as Kairos and a Tamagotchi-style companion.