Anthropic’s Claude Code, a proprietary CLI tool, has had its TypeScript source code inadvertently exposed due to a misconfigured npm package. This exposure was discovered when a security researcher found a leaked .map file that referenced the unprotected codebase on Anthropic’s cloud infrastructure.
Details of the Security Breach
On March 31, 2026, Chaofan Shou, a security researcher, publicly disclosed the leak, revealing that the @anthropic-ai/claude-code npm package contained a source map file. This file provided a direct reference to the complete, unminified TypeScript source, which was downloadable as a ZIP file from Anthropic’s R2 cloud bucket.
The codebase, now preserved in a public GitHub repository, includes around 1,900 files and over 512,000 lines of TypeScript code. It encompasses critical parts of the Claude Code CLI tool, utilizing the Bun runtime and a React + Ink terminal UI framework.
Scope and Impact of the Leak
The leaked files are comprehensive, covering every essential subsystem of Claude Code. Key components include the QueryEngine.ts file, which contains approximately 46,000 lines of code and handles the core LLM API engine, and Tool.ts, with around 29,000 lines, defining agent tool types and permissions.
Additionally, the architecture reveals about 40 agent tools and approximately 85 slash commands, covering various functionalities such as Git workflows and multi-agent orchestration. Internal feature flags like PROACTIVE and VOICE_MODE, indicative of unreleased features, were also disclosed.
Understanding the Source Map Vulnerability
Source maps are intended for debugging by mapping compiled JavaScript back to its original source. However, when incorrectly included in npm production releases, they can expose proprietary code, bypassing obfuscation efforts. This isn’t the first instance for Anthropic; a similar issue occurred in early 2025.
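A publisher can catch this class of mistake before release by auditing the files that would go into the package. The following is an added example, not code from Anthropic or from the leaked repository; the function name `auditPackageFiles`, the issue labels, and the sample package are assumptions made for illustration, and the check for remote URLs in `sources`/`sourceRoot` generalizes beyond the single case described above.

```javascript
// Added example: audit { relativePath: fileContent } for source-map exposure. Names and data are constructed.
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/g;
function auditPackageFiles(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push({ path, issue: "map-file-shipped" });
      let map;
      try {
        map = JSON.parse(content);
      } catch {
        findings.push({ path, issue: "map-unparseable" });
        continue;
      }
      // sourcesContent carries the original files verbatim inside the map.
      const embedded = (map.sourcesContent || []).filter((s) => typeof s === "string");
      if (embedded.length > 0) {
        findings.push({ path, issue: "embeds-original-source", count: embedded.length });
      }
      // Absolute URLs in sources/sourceRoot tell a reader where the originals are hosted.
      const remote = [map.sourceRoot, ...(map.sources || [])].filter(
        (s) => typeof s === "string" && /^https?:\/\//i.test(s)
      );
      if (remote.length > 0) {
        findings.push({ path, issue: "references-remote-source", count: remote.length });
      }
    } else if (/\.[cm]?js$/.test(path)) {
      // A trailing sourceMappingURL comment links the bundle to a map (or inlines one).
      for (const m of content.matchAll(MAP_COMMENT)) {
        const inline = m[1].startsWith("data:");
        findings.push({ path, issue: inline ? "inline-map-in-bundle" : "bundle-points-to-map" });
      }
    }
  }
  return findings;
}

// Constructed sample: a package that ships cli.js together with its map.
const sampleFiles = {
  "package.json": '{"name":"example-cli","version":"1.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({
    version: 3, file: "cli.js", names: [], mappings: "AAAA",
    sources: ["https://bucket.example.invalid/src/main.ts", "../src/util.ts"],
    sourcesContent: [null, "export const x = 1;"],
  }),
  "lib/clean.js": "module.exports = 1;\n",
};
console.log(auditPackageFiles(sampleFiles));
```

To run it against a real package, fill the object from the files that `npm pack --dry-run` lists and fail the release job when the result is non-empty. A `files` allowlist in package.json or an `.npmignore` entry for `*.map` keeps the maps out of the tarball in the first place.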
The breach poses significant intellectual property risks, as the exposed code includes internal API logic and undisclosed features. Anthropic has yet to release a public statement addressing the incident.
Developers using Claude Code should keep an eye on Anthropic’s security advisories and ensure they are using patched npm releases. It is advisable to avoid third-party mirrors of the leaked source code.
