Anthropic’s Claude Source Code Leaked via npm
Anthropic’s proprietary Claude Code CLI tool has seen its full TypeScript source code inadvertently exposed. A security researcher identified the leak through a misconfigured npm package, which contained a `.map` file referencing the tool’s unobfuscated codebase. This sensitive code was stored on Anthropic’s own cloud infrastructure.
On March 31, 2026, researcher Chaofan Shou made the disclosure public, posting: “Claude code source code has been leaked via a map file in their npm registry!”
The published @anthropic-ai/claude-code npm package reportedly contained a source map (.map) file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic’s own R2 cloud storage bucket.
The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code.
What Was Exposed
The leaked codebase represents the entirety of Claude Code’s src/ directory, approximately 1,900 files and over 512,000 lines of code written in strict TypeScript, using the Bun runtime and a React + Ink terminal UI framework. The disclosure is substantial in scope, touching every critical subsystem of the CLI tool.
Key files confirmed in the leak include QueryEngine.ts (~46,000 lines), which drives the core LLM API engine, including streaming, tool loops, and token tracking; Tool.ts (~29,000 lines), defining all agent tool types and permission schemas; and commands.ts (~25,000 lines), which registers and executes the tool’s slash commands.
The exposed architecture details approximately 40 agent tools, including BashTool, FileReadTool, FileEditTool, and AgentTool for sub-agent spawning, as well as roughly 85 slash commands spanning Git workflows, code review, memory management, and multi-agent orchestration.
The leak also reveals internal feature flags such as PROACTIVE, VOICE_MODE, BRIDGE_MODE, and KAIROS, indicating product features not yet publicly released.
How Source Maps Cause Leaks
Source map files (.map) are standard developer tools designed to map compiled or minified JavaScript back to its original source for debugging purposes.
When inadvertently bundled into production npm releases, however, they expose proprietary source code to anyone who knows where to look, effectively bypassing obfuscation entirely. This is not the first time such an error has affected Anthropic; a similar source map exposure was reportedly patched in early 2025.
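One way a publisher can catch this before release, as an added example that is not from the article or from Anthropic: a Node.js check over the files destined for the package tarball that flags shipped `.map` files, maps that embed `sourcesContent`, and `sourceMappingURL` comments. The function name, finding labels and sample files are assumptions constructed for illustration.

```javascript
// Added example: pre-publish audit for source-map exposure in a package's file set.
// Input is an array of { path, content } string entries. Names here are hypothetical.

// Matches "//# sourceMappingURL=..." and "/*# sourceMappingURL=... */" comments.
const MAP_COMMENT = /\/[\/*]#\s*sourceMappingURL=([^\s*]+)/g;

function auditSourceMaps(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      let map;
      try { map = JSON.parse(content); } catch { map = null; }
      if (!map) {
        findings.push({ path, issue: 'map-unparseable' });
        continue;
      }
      const sources = Array.isArray(map.sources) ? map.sources : [];
      // sourcesContent, when present, carries the original source text itself.
      const embedded = Array.isArray(map.sourcesContent)
        && map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      findings.push({
        path,
        issue: embedded ? 'map-embeds-source' : 'map-shipped',
        sources: sources.length,
      });
    } else if (/\.(c|m)?js$/.test(path)) {
      for (const m of content.matchAll(MAP_COMMENT)) {
        const url = m[1];
        const issue = url.startsWith('data:') ? 'inline-map'
          : /^https?:\/\//.test(url) ? 'remote-map-reference'
          : 'local-map-reference';
        findings.push({ path, issue });
      }
    }
  }
  return findings;
}

// Constructed sample package contents (not taken from any real package).
const samplePackage = [
  { path: 'cli.js', content: 'console.log(1);\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: JSON.stringify({
    version: 3, sources: ['../src/main.ts'], sourcesContent: ['export const x = 1;'], mappings: 'AAAA' }) },
  { path: 'lib/util.js', content: 'module.exports = {};\n//# sourceMappingURL=https://example.invalid/util.js.map\n' },
  { path: 'README.md', content: '# sample' },
];

for (const f of auditSourceMaps(samplePackage)) console.log(`${f.issue}\t${f.path}`);
```

In practice the file list would be the package's publish set (what `npm pack --dry-run` reports), and a non-empty result would fail the release job.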
The breach raises serious intellectual property concerns for Anthropic, as the exposed code covers internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination, and even undisclosed feature pipelines. At the time of writing, Anthropic has not issued a public statement regarding the incident.
Organizations integrating Claude Code into their development workflows should monitor Anthropic’s official security advisories. Developers are urged to review the official npm registry for patched releases and avoid third-party mirrors of the leaked source.
Note: This article is based on publicly available disclosures. Cybersecurity News does not host or distribute the leaked source code.