Anthropic’s Claude Code Source Code Reportedly Leaked Via Their npm Registry

Anthropic’s proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on Anthropic’s own cloud infrastructure.

On March 31, 2026, researcher Chaofan Shou made the disclosure public, posting: “Claude code source code has been leaked via a map file in their npm registry!”

https://twitter.com/Fried_rice/status/2038894956459290963?ref_src=twsrc%5Etfw

The published @anthropic-ai/claude-code npm package reportedly contained a source map (.map) file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic’s own R2 cloud storage bucket.

The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code.

What Was Exposed

The leaked codebase represents the entirety of Claude Code’s src/ directory, approximately 1,900 files and over 512,000 lines of code written in strict TypeScript, using the Bun runtime and a React + Ink terminal UI framework. The disclosure is substantial in scope, touching every critical subsystem of the CLI tool.

Key files confirmed in the leak include QueryEngine.ts (~46,000 lines), which drives the core LLM API engine, including streaming, tool loops, and token tracking; Tool.ts (~29,000 lines), defining all agent tool types and permission schemas; and commands.ts (~25,000 lines), which registers and executes the tool’s slash commands.

The exposed architecture details approximately 40 agent tools, including BashTool, FileReadTool, FileEditTool, and AgentTool for sub-agent spawning as well as roughly 85 slash commands spanning Git workflows, code review, memory management, and multi-agent orchestration.

The leak also reveals internal feature flags such as PROACTIVE, VOICE_MODE, BRIDGE_MODE, and KAIROS, indicating product features not yet publicly released.

How Source Maps Cause Leaks

Source map files (.map) are standard developer tools designed to map compiled or minified JavaScript back to its original source for debugging purposes.

When inadvertently bundled into production npm releases, however, they expose proprietary source code to anyone who knows where to look effectively bypassing obfuscation entirely. This is not the first time such an error has affected Anthropic; a similar source map exposure was reportedly patched in early 2025.

The breach raises serious intellectual property concerns for Anthropic, as the exposed code covers internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination, and even undisclosed feature pipelines. At the time of writing, Anthropic has not issued a public statement regarding the incident.

Organizations integrating Claude Code into their development workflows should monitor Anthropic’s official security advisories. Developers are urged to review the official npm registry for patched releases and avoid third-party mirrors of the leaked source.

Note: This article is based on publicly available disclosures. Cybersecurity News does not host or distribute the leaked source code.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Anthropic’s Claude Code Source Code Reportedly Leaked Via Their npm Registry appeared first on Cyber Security News.