Claude Code's source code has been leaked via a map file in their NPM registry
Source: HN
Anthropic’s AI‑coding assistant Claude Code was exposed on March 31 when a sourcemap file published to the project’s npm package revealed the full TypeScript source tree – more than 1,900 files and half a million lines of code. Security researcher Chaofan Shou, an intern at Web3‑focused firm FuzzLand, flagged the issue on X, noting that the map referenced an unobfuscated bucket on Anthropic’s R2 storage and allowed anyone to download the entire codebase. The compressed archive was quickly mirrored on GitHub, where a snapshot was posted for “security research”.
The leak matters for three reasons. First, the source code is Anthropic’s intellectual property; its public release erodes the competitive moat the company built around Claude Code’s proprietary prompting and execution engine. Second, the exposed repository includes internal APIs, build scripts and configuration files that could aid attackers in crafting targeted exploits against users of the tool. Third, the incident underscores a recurring operational lapse: sourcemaps exist for debugging and are normally stripped from production bundles before publishing, yet Anthropic previously suffered a similar exposure in February 2025 that forced a hurried removal of an older version from npm. Repeating the mistake raises questions about the firm’s supply‑chain hygiene and its ability to safeguard developer tools that are increasingly embedded in CI/CD pipelines.
Anthropic has not issued a formal statement yet, but the npm package was taken down within hours and the offending sourcemap removed. The company is expected to publish a post‑mortem detailing how the map slipped into the release and what remediation steps are being taken. Watch for a follow‑up from Anthropic on potential patches, any legal action against the researcher who posted the code, and broader industry reactions that may tighten npm publishing standards for AI‑related packages. The episode also revives debate over open‑source versus proprietary models in the rapidly evolving Nordic AI ecosystem.