Anthropic accidentally leaks Claude Code source in npm slip

Anthropic confirmed yesterday that ‘human error’ led to the leak of much of the source code of its star product Claude Code.

Anthropic has accidentally leaked the source code of its Claude Code agent after a misconfigured software package exposed it to the public. It follows a separate incident last week where Fortune said the company had accidentally leaked thousands of files.

The leak was spotted on Tuesday by security researcher Chaofan Shou, according to The Register, who found that the official npm package for Claude Code had shipped with a map file referencing an unobfuscated TypeScript source. Chaofan Shou proceeded to announce his find on X, sparking a flurry of activity.

That file pointed to a zip archive stored on Anthropic’s Cloudflare R2 storage bucket, which anyone could download and decompress. The archive reportedly contained some 1,900 TypeScript files totalling more than 512,000 lines of code, including full libraries of slash commands and built-in tools.

Within hours, a copy of the code was uploaded to GitHub, where it was ‘forked’ more than 41,500 times, according to The Register, effectively ensuring that the exposure could not easily be undone.

Anthropic accidentally leaks Claude Code source in npm slip

Other newsrooms on this story

Related reading

Anthropic leaks part of Claude Code's internal source code

Other newsrooms on this story

Related reading

Anthropic leaks part of Claude Code's internal source code

Claude Mythos AI unauthorised access claim probed by Anthropic

Hackers used Anthropic AI to 'to commit large-scale theft'

Anthropic: Huge Pricing Issues With Glitching Claude Code Limits?

Chinese hackers hijack Anthropic AI in 1st 'large scale' cyberattack - UPI.com

Why Anthropic’s New AI Model Sometimes Tries to ‘Snitch’