Anthropic Confirms Claude Source Code Leak Due to npm Error
Anthropic has confirmed a significant error that resulted in the unintentional release of source code for its popular AI coding assistant, Claude Code. The exposure occurred due to a packaging mistake during the rollout of version 2.1.88 of the Claude Code npm package, which included a source map file accessible to users.
Details of the Source Code Leak
- Date of Incident: March 31, 2026
- Type of Exposure: Source code leak via source map file
- Volume of Leaked Code: Nearly 2,000 TypeScript files and over 512,000 lines of code
- Public Attention: The issue was first raised by security researcher Chaofan Shou on X, garnering over 28.8 million views.
The leaked code is still retrievable from a public GitHub repository, where it has gained significant visibility, achieving more than 84,000 stars and 82,000 forks.
Implications for Developers and Competitors
This leak poses a risk, as it provides software developers and competitors with insights into Claude Code’s architecture and features. Among the notable components revealed are:
- Self-healing memory architecture
- Tools system for executing tasks
- Query engine for managing API calls
- Multi-agent orchestration capabilities
- Bidirectional communication for IDE extensions
A standout feature called KAIROS allows Claude Code to perform tasks autonomously and send notifications to users. Additionally, a “dream” mode enables the AI to continuously generate and refine ideas.
Security Risks and Ongoing Threats
The leak raises security concerns, as malicious actors might exploit the revealed source code to circumvent existing safeguards. AI security firm Straiker notes that attackers can analyze Claude Code’s context management flow to design sophisticated payloads.
There is an urgent reminder for users who may have installed or updated to this version during the specified timeframe. These individuals could inadvertently have incorporated a trojanized HTTP client into their systems. Immediate actions suggested include:
- Downgrade to a previous safe version of Claude Code.
- Rotate all security credentials.
Furthermore, there are reports of typosquatting attacks related to the leakage incident, where malicious packages mimic internal npm names to target developers attempting to compile the leaked code. Security expert Clément Dumas highlighted the risks, emphasizing the strategy of deploying empty stubs first to prepare for future harmful updates.
Recent Challenges for Anthropic
This incident represents Anthropic’s second major issue within a short time frame. Just days prior, sensitive details about a new AI model were mistakenly made publicly accessible via the company’s content management system. Anthropic has admitted to testing this model with early access clients, proclaiming it as their most advanced offering to date.
As Anthropic works to rectify this leak, they are implementing measures to prevent similar occurrences in the future and safeguard their technology and users.
