Anthropic Accidentally Exposes Claude Code Source Files
Key Points
- Anthropic released Claude Code version 2.1.88 to the public npm registry.
- A source map file unintentionally exposed over 500,000 lines of code across nearly 2,000 files.
- Security researcher Chaofan Shou posted an archive link on X, drawing massive attention.
- Anthropic confirmed the leak was caused by human error and said no customer data or credentials were exposed.
- The incident gives developers a rare view of Claude Code’s architecture while raising security concerns for Anthropic.
Anthropic unintentionally published internal source files for its Claude Code AI coding tool when releasing version 2.1.88 to the public npm registry. The mistake included a source map that revealed more than 500,000 lines of code across nearly 2,000 files. Security researcher Chaofan Shou shared an archive link on X, generating massive attention. Anthropic confirmed the leak as a human error, emphasized that no customer data or credentials were exposed, and said it is taking steps to prevent a recurrence. The incident offers developers a rare glimpse into the tool’s architecture while raising security concerns for the company.
Leak Details
Anthropic, the artificial‑intelligence company behind the Claude Code coding assistant, released version 2.1.88 of the tool to the public npm registry. In the process, the company inadvertently included a source map file that exposed the internal codebase. The exposed material comprised more than 500,000 lines of code spread across nearly 2,000 files. A security researcher identified the issue, posted a link to an archive containing the files on X, and quickly attracted widespread attention.
Company Response
Anthropic issued a statement acknowledging the leak as a result of human error. The spokesperson clarified that the release did not contain any sensitive customer data or credentials. The company also indicated that it is implementing measures to avoid a similar incident in the future.
Public Reaction and Impact
The leak generated significant buzz on social media, with the X post receiving a high volume of views. Developers gained an unprecedented look at the underlying architecture of Claude Code, a tool that can answer questions, generate creative content, translate languages, transcribe images, write code, summarize text, and engage in natural conversation. While the exposure offers competitors insight into Anthropic’s roadmap, it also raises concerns about the firm’s internal security practices.
Broader Context
Claude Code has recently experienced a surge in popularity, especially during holiday periods when users discovered its coding capabilities. Anthropic has also been active in marketing, including a Super Bowl advertisement that criticized a rival AI provider’s decision to place ads in its free and low‑cost plans. The source‑code leak adds a new dimension to the company’s public profile, highlighting both the rapid adoption of its AI tools and the challenges of managing complex software releases.