Anthropic’s Claude Code source code was reportedly leaked when a 59.8 MB JavaScript source map file was unintentionally included in version 2.1.88 of the @anthropic-ai/claude-code package on the public npm registry.

The leaked source map pointed to unobfuscated TypeScript sources hosted in Anthropic’s cloud storage, which were publicly downloadable and archived to a GitHub repository with significant engagement.

The exposed TypeScript codebase was large, estimated at roughly 512,000 lines, and was quickly mirrored on GitHub where thousands of developers analyzed it.

Anthropic had not issued a public statement at the time of reporting, and the incident is likely to prompt scrutiny of AI software release processes across the industry.

Broader implications point to Claude Code as a sophisticated multi-agent system with background tasking, memory management, and cross-session context handling, raising questions about whether powerful developer tools should be proprietary or open-source.

Anthropic’s flagship Claude 4.6 Opus is already viewed as dangerous for cybersecurity due to autonomous vulnerability identification that could be misused by adversaries.

The leak did not involve model weights or user data, but it exposed internal workings such as security mechanisms and telemetry logic.

The incident represents a security/privacy failure with competitive intelligence risks and potential blueprint-like access to architecture, underscoring the need for better build pipelines and proper stripping of source maps.

Anthropic described the release as a packaging mistake caused by human error, stating no customer data or credentials were exposed and that measures are being taken to prevent recurrence.

The company acknowledged the packaging error and is implementing safeguards to prevent similar leaks in the future.

This incident follows a March 2026 leak of a draft blog post about a forthcoming model, indicating ongoing internal data exposure issues at Anthropic.

Experts warn the leak could enable misuse, including reverse-engineering Claude Code or building competing tools, and could expose the internal services tied to Claude Code.