Security researchers are scrambling after Anthropic accidentally uploaded the entire source code for Claude Code to a public npm registry. A massive 57MB source map file, containing over 500,000 lines of code, was left exposed, revealing the internal logic of Anthropic’s flagship AI assistant. You might be wondering how a company this advanced could let that happen, and the implications for open source development are pretty serious.
The Leak Discovered in the Digital Underbelly
It all started when Chaofan Shou, a security researcher, spotted something strange in Anthropic’s published npm package for Claude Code v2.1.88. The package, which should have been a closed-source, obfuscated bundle, contained a 57MB source map file labeled `cli.js.map`. Usually, source maps are small text files used by developers to debug applications, mapping TypeScript back to a readable format. Instead of a simple reference, Shou found a treasure trove, a massive archive mapping 1,900 files and 512,000 lines of source code.
Once Shou posted about the leak on X, formerly Twitter, the story went viral, gathering nearly 10 million views. The AI community, always hungry for the inner workings of these systems, was immediately hooked. Claude Code is a highly popular agentic tool designed to edit files and manage entire projects locally, but until now, it was a black box locked behind a closed source license. Now, the box is open, and the internet is dissecting it.
Why This Leak Is So Dangerous
So, what’s actually inside this leaked library? The code reveals the core engine for LLM API calls, streaming responses, and token counting mechanisms. It shows exactly how Claude Code handles tool-call loops and permission models. Some members of the Hacker News community pointed out a particularly interesting detail: extensive regex filters designed to detect negative sentiment in user prompts, including a long list of swear words. While the leak doesn’t expose the underlying AI models or user data, it does expose the internal logic. This makes it incredibly easy to reverse-engineer the tool, spot security risks, or identify intellectual property details.
The implications are significant. As one researcher noted, Claude Code relies on axios, a popular HTTP client. If that dependency had vulnerabilities, the source code leak makes it much easier for bad actors to target it. Now, operators are already advertising their own forks of Claude Code. But be careful there. Full-stack developer Justin Schroeder put it bluntly on X: just because the source is now ‘available’ DOES NOT MEAN IT IS OPEN SOURCE. You are violating a license if you copy or redistribute the source code, or use their prompts in your next project. Don’t do that.
A Prompt Reminder for Developers
Moving fast to contain the fallout, Anthropic yanked the npm package, but it was too late. Mirrors of the leaked code have already been published on GitHub, with one repository already sitting at nearly 30,000 stars with 40,200 forks. While this is a huge win for the open-source community, it serves as a stark reminder that when you host sensitive code on public registries, you need to be incredibly careful about what you leave on the table. Anthropic hasn’t released an official statement yet, but Cybernews has reached out for a comment.
