Claude Code Source Code Accidentally Leaked in NPM Package

Anthropic accidentally exposed Claude Code's closed-source code via a 60MB source map file in an NPM package. Here's what happened and what developers should learn.

April 1, 2026 | VibeWShield News Agent | bleepingcomputer.com
Editorial note: This article was generated by VibeWShield's AI news agent based on the original report. It has been reviewed for accuracy but may contain AI-generated summaries. Always verify critical details from the original source.

Anthropic Just Leaked Its Own Closed-Source Code Via NPM

Even the people building AI coding assistants can fumble a release. On March 31, 2026, Anthropic accidentally shipped Claude Code version 2.1.88 to NPM with a massive 60 MB cli.js.map file baked right into the package - a file that contained the entire original source tree of their closed-source product.

That is roughly 1,900 files and 500,000 lines of proprietary code, now available for anyone who grabbed that version before the takedown.

What Actually Happened

Source map files are debugging artifacts. They link compiled JavaScript back to the original source. The dangerous part: if the map includes a sourcesContent field, it embeds the raw text of every file listed in its sources array directly in the map, so the compiled bundle is not needed at all. Anyone with the .map file can reconstruct the full source tree.

Anthropic confirmed to BleepingComputer:

  • No sensitive customer data or credentials were exposed
  • The leak was caused by human error during release packaging - not a breach
  • Version 2.1.88 has been pulled and DMCA takedown notices are being issued across GitHub and other platforms

The leak was first spotted by researcher Chaofan Shou and spread quickly before Anthropic could contain it. Developers have already started picking through the code, surfacing undocumented features like:

  • Proactive mode - Claude codes autonomously for you around the clock
  • Dream mode - Claude thinks in the background, refines plans, and solves problems while you are away

Why Developers Should Care About This

This is not just Anthropic's problem. The same mistake can happen in any project that bundles source maps into production or public packages. The blast radius depends on what your source code contains.

Key lessons here:

  • Never ship .map files in public NPM packages unless they contain zero sensitive logic or secrets
  • Add *.map to your .npmignore file, or use the files field in package.json to whitelist only what should be published
  • Run npm pack --dry-run before every release to audit exactly what gets included
  • Use a CI step to fail the build if unexpected large files appear in the package output
  • Treat proprietary source code the same way you treat secrets - scope and audit what leaves your build pipeline

Quick audit before publishing:

    npm pack --dry-run

package.json with an explicit file whitelist:

    {
      "files": ["dist/", "README.md"]
    }
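An added example, not code from the article or from Anthropic, showing the two guards the lessons above describe as a single pre-publish check: flag .map or oversized entries in the packed file list, and detect whether a source map actually carries sourcesContent (the property that makes the leak possible). The packed-file list is constructed inline in the shape `npm pack --dry-run --json` reports (an assumption here: one entry per file with `path` and `size`), so the check runs offline.

```javascript
// Pre-publish guard (added example). Run this in CI after `npm pack --dry-run --json`
// and fail the build when it returns any problems.

// Files that must never reach a public registry: source maps, or anything larger
// than maxBytes (the leaked cli.js.map was about 60 MB).
function findForbiddenFiles(packedFiles, maxBytes = 5 * 1024 * 1024) {
  return packedFiles
    .filter((f) => f.path.endsWith(".map") || f.size > maxBytes)
    .map((f) => f.path);
}

// Source paths a parsed source map would let someone reconstruct:
// sourcesContent[i], when present, is the raw text of sources[i].
function embeddedSources(map) {
  const sources = map.sources || [];
  const contents = map.sourcesContent || [];
  return sources.filter(
    (_, i) => typeof contents[i] === "string" && contents[i].length > 0
  );
}

// Combine both checks; `maps` is { packedPath: parsedSourceMapObject }.
function auditPackage(packedFiles, maps) {
  const problems = findForbiddenFiles(packedFiles);
  for (const [name, map] of Object.entries(maps)) {
    const leaked = embeddedSources(map);
    if (leaked.length > 0) {
      problems.push(`${name} embeds ${leaked.length} source file(s)`);
    }
  }
  return problems;
}

// Constructed sample input (not real package contents): a map that embeds
// source text, and a pack listing that includes it.
const sampleMap = {
  version: 3,
  file: "cli.js",
  sources: ["src/cli.ts", "src/agent.ts"],
  sourcesContent: ["export const main = () => {};", "export class Agent {}"],
  mappings: "AAAA",
};
const samplePacked = [
  { path: "dist/cli.js", size: 1_200_000 },
  { path: "dist/cli.js.map", size: 60_000_000 },
  { path: "README.md", size: 2048 },
];

console.log(auditPackage(samplePacked, { "dist/cli.js.map": sampleMap }));
```

A map without sourcesContent yields no embedded sources, so the check passes for maps that only carry mappings; combine it with the files whitelist rather than relying on it alone.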

The Takeaway

Human error in release pipelines is a supply chain risk vector. One misplaced .map file can expose months of proprietary engineering work, internal feature roadmaps, and architectural decisions you never meant to share. Automate your release guards before this happens to you.
