Anthropic's Claude Code Source Code Reportedly Leaked Via Their npm Registry - CyberSecurityNews

HomeCyber Security Anthropic’s Claude Code Source Code Reportedly Leaked Via Their npm Registry By Guru Baran March 31, 2026 Anthropic’s proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on Anthropic’s own cloud infrastructure. On March 31, 2026, researcher Chaofan Shou made the disclosure public, posting: “Claude code source code has been leaked via a map file in their npm registry!” CLAUDE CODE SOURCE CODE HAS BEEN LEAKED VIA A MAP FILE IN THEIR NPM REGISTRY! CODE: HTTPS://T.CO/JBIMOOZT8G PIC.TWITTER.COM/RYO5HBVEJ8 — Chaofan Shou (@Fried_rice) March 31, 2026 The published @anthropic-ai/claude-code npm package reportedly contained a source map (.map) file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic’s own R2 cloud storage bucket. The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code. What Was Exposed The leaked codebase represents the entirety of Claude Code’s src/ directory, approximately 1,900 files and over 512,000 lines of code written in strict TypeScript, using the Bun runtime and a React + Ink terminal UI framework. The disclosure is substantial in scope, touching every critical subsystem of the CLI tool. Key files confirmed in the leak include QueryEngine.ts (~46,000 lines), which drives the core LLM API engine, including streaming, tool loops, and token tracking; Tool.ts (~29,000 lines), defining all agent tool types and permission schemas; and commands.ts (~25,000 lines), which registers and executes the tool’s slash commands. The exposed architecture details approximately 40 agent tools, including BashTool, FileReadTool, FileEditTool, and AgentTool for sub-agent spawning as well as roughly 85 slash commands spanning Git workflows, code review, memory management, and multi-agent orchestration. The leak also reveals internal feature flags such as PROACTIVE, VOICE_MODE, BRIDGE_MODE, and KAIROS, indicating product features not yet publicly released. How Source Maps Cause Leaks Source map files (.map) are standard developer tools designed to map compiled or minified JavaScript back to its original source for debugging purposes. When inadvertently bundled into production npm releases, however, they expose proprietary source code to anyone who knows where to look effectively bypassing obfuscation entirely. This is not the first time such an error has affected Anthropic; a similar source map exposure was reportedly patched in early 2025. The breach raises serious intellectual property concerns for Anthropic, as the exposed code covers internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination, and even undisclosed feature pipelines. At the time of writing, Anthropic has not issued a public statement regarding the incident. Organizations integrating Claude Code into their development workflows should monitor Anthropic’s official security advisories. Developers are urged to review the official npm registry for patched releases and avoid third-party mirrors of the leaked source. Note: This article is based on publicly available disclosures. Cybersecurity News does not host or distribute the leaked source code. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News 84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials Hackers Deploy Modular RAT With Credential Theft and Screenshot Capture Capabilities New ClickFix Attack Targets macOS Users With Fake Disk Cleanup and Utility Lures Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released NVIDIA Data Breach Reportedly Exposes Personal Information of GeForce Users Latest News AI Critical “Cline” AI Agent Vulnerability Enables RCE Attacks Cyber Security News Malicious Chrome MV3 Extension Impersonates TronLink to Steal Crypto Wallet Credentials Cyber Security News MistralAI PyPI Package Compromised to Inject Malicious Code – Microsoft Warns Chrome Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data Cyber Security News Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks