Claude Code: Complete source code publicly accessible due to source map glitch

Simon Lüthje · 5 minutes read

What would happen if one of the most widely used AI development tools in the world suddenly became open source, albeit completely unintentionally? That is exactly what happened to Anthropic on March 31, 2026 with Claude Code. A source map file shipped inside the CLI tool’s npm package exposed the entire source code. Within a few hours, the code was mirrored on GitHub and analyzed by thousands of developers.

Claude Code: What happened?

Security researcher Chaofan Shou discovered the problem on the morning of March 31 and published his finding on X. Version 2.1.88 of the npm package @anthropic-ai/claude-code contained a 59.8 MB JavaScript source map file. Such a file is meant only for debugging; this one carried the complete, unminified TypeScript source inline, so anyone who downloaded the package had the entire code base.

According to several analyses, the leaked code comprises around 1,900 files with over 512,000 lines. The code was immediately mirrored in public GitHub repositories, where it was forked over 41,500 times within a very short time. Anthropic reacted quickly and removed the affected version from the npm registry, but by this time the source code had already been widely distributed.

Source maps as a security risk

Source maps are a common tool in web development. They map compressed or bundled production code back to the original source, for example so that a stack trace points at the right line in the right file. A map can merely name the original files, but bundlers usually embed the full text of every file in its sourcesContent field; a map of that kind is the source code. If such a file is inadvertently included in a public npm package, it reveals the entire original code.

The probable cause is as trivial as it is serious: the build with the JavaScript runtime Bun, which Anthropic uses for Claude Code, reportedly generated source maps by default, and apparently nobody excluded the .map files from publication, whether via .npmignore, the files allow-list in package.json or the bundler configuration. Incidentally, this is not the first time Anthropic has had such a problem: a similar source map glitch is said to have been fixed at the beginning of 2025.

What the source code reveals about Claude Code

A look at the leaked code reveals a modular and surprisingly extensive architecture. Claude Code is much more than a simple wrapper around Anthropic’s AI models. The tool uses the JavaScript runtime Bun and relies on React in combination with the Ink library for the terminal interface.

The most interesting discoveries include:

  • Over 40 different tools in a plugin-like system with their own authorization levels
  • A query engine with around 46,000 lines of code that manages all LLM API calls, streaming and caching
  • A multi-agent orchestration system for complex tasks
  • 44 feature flags for functions that are fully implemented but not yet publicly available
  • Internal model code names such as “Capybara” (Claude 4.6), “Fennec” (Opus 4.6) and the as yet unreleased “Numbat”
  • An “undercover mode” to prevent internal information from being leaked in open source contributions

Particularly interesting: the code also contains a three-layer memory system, which helps explain how Claude Code keeps its bearings during long programming sessions. There are also references to numerous planned features such as a “buddy” companion mode, agent swarms and automated workflows.

Anthropic’s response

Anthropic confirmed the incident to the IT news portal The Register. A company spokesperson described it as a packaging error in the release caused by human error, not a security incident in the traditional sense. According to the spokesperson, no customer data or credentials were affected, and Anthropic is working on measures to prevent a recurrence.

The affected package version was immediately removed from the npm registry and replaced with a clean version without source maps. Users are advised to switch to the official native installation via installer script, as this does not rely on the npm dependency chain.

What developers should consider now

The incident is a lesson not only for Anthropic but for every team that publishes packages via npm. If you want to be sure that no sensitive files are published, run npm pack --dry-run before every release and inspect the file list it prints; an explicit files allow-list in package.json is more robust than an .npmignore deny-list, because anything not listed is excluded by construction. A source map that embeds the original text is the source code itself and should never end up in a production package unless that is explicitly intended.

Existing Claude Code users should check their installed version and, if necessary, update to a patched version (2.1.89 or higher). Anthropic states that no credentials were affected, but anyone who installed the tool via npm may still want to rotate their Anthropic API keys as a precaution.

Conclusion

The accidental source code leak from Claude Code is a striking example of how a single misconfigured build pipeline can expose a product worth billions. For the open source community and competitors, the leaked code offers fascinating insights into the state of the art in AI coding tools. For Anthropic, the incident is likely to be one thing above all: an expensive wake-up call in release management. The irony that a tool designed to help developers write better software was undone by a simple configuration error is likely to be remembered in the industry for some time to come.