Anthropic said Tuesday it accidentally leaked internal source code for its popular AI chatbot, Claude Code.
The leak stemmed from version 2.1.88 of the @anthropic-ai/claude-code package on the npm registry. It included a 59.8-megabyte source map file that exposed roughly 512,000 lines of unobfuscated TypeScript code across about 1,900 to 2,300 files, an Anthropic spokesperson said in a statement sent to media outlets. The code quickly spread to GitHub repositories that have been forked tens of thousands of times.
Anthropic called the incident a packaging mistake rather than a hack.
“Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed,” the statement read. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”…