April 1, 2026 Anthropic has inadvertently exposed the full source code of its Claude Code tool for the second time in a year due to a packaging mistake in its public release. The leak included 1,906 proprietary source files covering internal APIs, telemetry systems, encryption tools and communication protocols.
The issue was discovered on March 31, 2026 by security researcher Chaofan Shou, who found that a 60MB source map file (cli.js.map) had been included in the tool’s npm package. That file allowed anyone to reconstruct the original TypeScript codebase from the distributed build.
Source maps are typically used during development to debug software by linking compiled code back to its original form. However, they are not intended for production releases, as they effectively expose the full underlying code. In this case, the file also referenced unobfuscated source files hosted in Anthropic’s cloud storage, making the code directly downloadable.
The exposed package, Claude Code version 2.1.88, was published to npm, a widely used public software registry. Within hours of discovery, the leaked codebase was archived on GitHub, where it quickly gained more than 1,100 stars and 1,900 forks, increasing its visibility and distribution.
This is not the first occurrence. An earlier version of Claude Code was exposed in February 2025 due to the same issue, after which Anthropic removed the affected release and deleted the source map. The recurrence suggests a gap in release controls rather than a one-off mistake.
The exposure does not include model weights or user data, and there is no indication of a breach involving customer information. However, the leak reveals the internal structure of the tool, including how it handles telemetry, security layers, and inter-process communication – details typically kept private.
For developers, this distinction matters. While user data remains unaffected, access to internal implementation details can provide insight into system design and security mechanisms, which may carry competitive or operational implications.
Anthropic has not issued a public statement on the incident. The discovery is likely to draw scrutiny around software release practices, particularly as AI development tools are increasingly used in enterprise environments where code integrity and intellectual property protection are critical.
