Quick Answer

Claude Code Source Code Leak: What Was Exposed

On March 31, 2026, security researcher Chaofan Shou discovered that Anthropic’s Claude Code had its entire source code exposed through a sourcemap file bundled into the npm package.

Last verified: April 4, 2026

What Happened

  • Claude Code version 2.1.88 shipped with a .map sourcemap file in the npm package
  • Sourcemaps contain the original pre-minified source code — standard for debugging but never meant for production distribution
  • 512,000 lines of TypeScript were fully readable
  • The leak was a packaging error, not a security breach
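
A pre-publish check for the packaging error described above, as an added example (not code from the original page or from Anthropic): it walks a staged package directory and reports `.map` files and inline base64 sourcemaps, counting the original sources embedded in the sourcemap's `sourcesContent` field. The function names and the sample package are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");
// Added example, not Anthropic's code; all names here are illustrative.
// Count original source files embedded in a sourcemap's sourcesContent array.
function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return 0; } // unparseable map: 0 sources
  const sc = map && map.sourcesContent;
  return Array.isArray(sc) ? sc.filter((s) => typeof s === "string").length : 0;
}

// Recursively list files under the staged package directory.
function walk(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) =>
    e.isDirectory() ? walk(path.join(dir, e.name)) : [path.join(dir, e.name)]);
}

// Flag external .map files and inline base64 sourcemaps in JS files.
function auditPackageDir(dir) {
  const inline = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+/=]+)/;
  const findings = [];
  for (const file of walk(dir)) {
    const rel = path.relative(dir, file).split(path.sep).join("/");
    const text = fs.readFileSync(file, "utf8");
    if (rel.endsWith(".map")) {
      findings.push({ file: rel, kind: "map-file", sources: embeddedSources(text) });
    } else if (/\.[cm]?js$/.test(rel)) {
      const m = text.match(inline);
      if (m) findings.push({ file: rel, kind: "inline-map",
        sources: embeddedSources(Buffer.from(m[1], "base64").toString("utf8")) });
    }
  }
  return findings.sort((a, b) => (a.file < b.file ? -1 : 1));
}

// Constructed sample: a tiny staged package with one .map file and one inline map.
function buildSample() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "pkg-audit-"));
  const map = JSON.stringify({ version: 3, sources: ["src/a.ts", "src/b.ts"],
    sourcesContent: ["export const a = 1;", "export const b = 2;"], mappings: "" });
  fs.mkdirSync(path.join(dir, "lib"));
  fs.writeFileSync(path.join(dir, "cli.js"), "console.log(1);\n//# sourceMappingURL=cli.js.map\n");
  fs.writeFileSync(path.join(dir, "cli.js.map"), map);
  fs.writeFileSync(path.join(dir, "lib", "util.js"), "module.exports={};\n//# sourceMappingURL=" +
    "data:application/json;base64," + Buffer.from(map).toString("base64") + "\n");
  return dir;
}
console.log(auditPackageDir(buildSample()));
```

In a release pipeline, run `auditPackageDir` over the unpacked output of `npm pack` and fail the build on any finding.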

What Was Found

Researchers and developers who examined the code found:

  • System prompt — Claude Code’s full system instructions
  • Tool implementations — How file editing, terminal execution, and code analysis work internally
  • Agent orchestration — How Claude Code manages multi-step tasks
  • Upcoming features — References to an April 1-7 teaser window and a May 2026 full launch for new capabilities
  • Security boundaries — How Claude Code sandboxes operations

Security Implications

The source code leak itself is relatively low risk — it’s the code, not user data. However:

  • CVE-2026-21852 (in pre-2.0.65 versions) created a real API key exfiltration risk when running Claude Code in hostile repositories
  • Typosquatting attacks increased after the leak, with malicious packages mimicking Claude Code on npm
  • Update immediately to the latest version if you’re running older builds

Anthropic’s Response

Anthropic acknowledged the packaging error and removed the sourcemap from subsequent npm releases. The underlying code was not considered a trade secret since Claude Code’s behavior is largely observable through usage.

Irony Factor

The leak happened the same week as Anthropic’s biggest policy change (cutting third-party subscriptions). Some in the community noted the timing — one of the world’s leading AI safety companies had a basic CI/CD oversight.
