Claude Code Source Code Exposed Through npm Registry Leak

Source: Cyber Security News

Basically, Anthropic's code was accidentally made public due to a mistake in their software package.

Quick Summary

Anthropic's Claude Code source code has been leaked due to a misconfigured npm package. This breach exposes critical internal systems and raises serious intellectual property concerns. Developers should monitor for updates and ensure they are using secure versions of the tool.

What Happened

On March 31, 2026, a significant data breach occurred involving Anthropic's proprietary Claude Code CLI tool. A security researcher, Chaofan Shou, discovered that the full TypeScript source code was inadvertently exposed through a misconfigured npm package. The leak was traced back to a source map file that referenced an unobfuscated codebase stored on Anthropic's cloud infrastructure. The incident shows how a build artifact left in a published package can expose the source code behind it.

The npm package, @anthropic-ai/claude-code, contained a source map file that pointed to the complete, unminified TypeScript source code. This code was directly downloadable as a ZIP archive from Anthropic's R2 cloud storage bucket. The researcher made this discovery public, drawing attention to the potential ramifications of such a leak.

Who's Affected

The breach affects not only Anthropic but also any organizations or developers that utilize the Claude Code tool in their projects. The exposed codebase includes approximately 1,900 files and over 512,000 lines of code, detailing critical subsystems of the CLI tool. This includes core components that handle API interactions, authentication flows, and multi-agent coordination.

Given the breadth of the leak, the implications extend to anyone relying on Claude Code for their development workflows. Companies integrating this tool should be particularly vigilant, as the leaked code may provide insights into proprietary features and internal logic that could be exploited by malicious actors.

What Data Was Exposed

The leaked code encompasses the entirety of Claude Code’s src/ directory, including key files such as QueryEngine.ts, which drives the core LLM API engine, and Tool.ts, defining all agent tool types. Notably, the leak reveals internal feature flags and agent tools that have not yet been publicly released. This information could give competitors or attackers an unfair advantage.

The leak raises serious intellectual property concerns for Anthropic. The exposed architecture, which details around 40 agent tools and roughly 85 slash commands, could lead to unauthorized access to features and functionality that were meant to remain confidential. This breach underscores the risks of mishandling source maps in production environments.

What You Should Do

In light of this incident, organizations using Claude Code should take immediate action. They should monitor Anthropic’s official security advisories for updates and potential patches. It’s crucial for developers to review the official npm registry to ensure they are using secure and updated versions of the software.

Additionally, avoid relying on third-party mirrors of the leaked source code, as these may not be secure. Organizations should also conduct a risk assessment to understand how this leak might affect their operations and consider implementing additional security measures to protect their own proprietary code and data. This incident serves as a reminder of the importance of maintaining robust security practices throughout the software development lifecycle.

🔒 Pro insight: This incident highlights the critical need for secure software development practices, particularly in managing source maps in production environments.
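For teams publishing their own packages, the source map handling described above can be checked before release. The following is an added example, not code from the original article or from Anthropic: a Node.js audit that flags shipped `.map` files, embedded `sourcesContent`, remote source references and `sourceMappingURL` comments. The package contents and the `storage.example.invalid` host are constructed for illustration.

```javascript
// Added example: pre-publish audit for source-map exposure in an npm package.
// Input: { "relative/path": "file contents" } for every file that would ship.
const MAP_COMMENT = /\/[/*][#@]\s*sourceMappingURL=(\S+)/;
const REMOTE = /^(https?:)?\/\//i;

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      findings.push({ path, issue: 'source map shipped in package' });
      let map;
      try { map = JSON.parse(text); } catch { findings.push({ path, issue: 'unparseable source map' }); continue; }
      if (Array.isArray(map.sourcesContent) && map.sourcesContent.some(Boolean))
        findings.push({ path, issue: 'original source embedded (sourcesContent)' });
      const refs = [map.sourceRoot, ...(map.sources || [])].filter(s => typeof s === 'string');
      for (const ref of refs.filter(r => REMOTE.test(r)))
        findings.push({ path, issue: `references remote source: ${ref}` });
    } else if (/\.(c|m)?js$/.test(path)) {
      const m = MAP_COMMENT.exec(text);
      if (!m) continue;
      findings.push({ path, issue: m[1].startsWith('data:') ? 'inline (data:) source map' : `sourceMappingURL -> ${m[1]}` });
    }
  }
  return findings;
}

// Helper for real use: read an unpacked `npm pack` tarball directory into the map above.
function loadDir(dir, base = dir, out = {}) {
  const fs = require('node:fs'), p = require('node:path');
  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = p.join(dir, e.name);
    if (e.isDirectory()) loadDir(full, base, out);
    else out[p.relative(base, full)] = fs.readFileSync(full, 'utf8');
  }
  return out;
}

// Constructed sample package (not the real package contents).
const samplePackage = {
  'package.json': '{"name":"example-cli","version":"1.0.0"}',
  'cli.js': 'console.log(1);\n//# sourceMappingURL=cli.js.map\n',
  'cli.js.map': JSON.stringify({ version: 3, file: 'cli.js',
    sourceRoot: 'https://storage.example.invalid/src/', sources: ['main.ts'],
    sourcesContent: ['export const x = 1;'], names: [], mappings: 'AAAA' }),
  'lib/clean.js': 'module.exports = 1;\n',
};

console.log(auditPackageFiles(samplePackage));
```

Run it in CI against the unpacked output of `npm pack` and fail the build on any finding. A `files` allowlist in package.json keeps map files out of the tarball in the first place.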

Original article from Cyber Security News · Guru Baran
