Anthropic Acknowledges Accidental Leak of Claude Code Source via NPM Package

TechRadar

Key Points

  • Anthropic confirmed an employee error caused Claude Code source code to be exposed via an npm map file.
  • The leaked archive contained about 1,900 TypeScript files and over 500,000 lines of code.
  • No customer data or credentials were compromised, according to Anthropic.
  • The incident is described as a packaging mistake, not a malicious breach.
  • Anthropic is implementing safeguards to prevent similar packaging errors.
  • The leak was quickly mirrored on GitHub, attracting extensive community attention.
  • Recent weeks saw multiple Claude Code vulnerabilities, including “ShadowPrompt” and “Cloudy Day.”
  • Anthropic temporarily throttled session limits during peak demand to manage load.

Anthropic confirmed that an employee error caused the Claude Code AI assistant source code to be exposed through a map file in its npm package. The leak included roughly 1,900 TypeScript files containing over 500,000 lines of code stored in a Cloudflare R2 bucket. Anthropic emphasized that no customer data or credentials were compromised and described the incident as a packaging mistake rather than a security breach. The company said it is implementing safeguards to prevent similar errors, while the leak was quickly mirrored on GitHub amid ongoing discussions about recent Claude vulnerabilities and high user demand.

Accidental exposure of Claude Code source

Anthropic disclosed that a packaging error by an employee resulted in the Claude Code source code being unintentionally released through a map file included in the tool’s npm package. The map file referenced an unobfuscated TypeScript source archive stored in Anthropic’s Cloudflare R2 bucket. This archive contained approximately 1,900 TypeScript files and more than 500,000 lines of code, providing a comprehensive view of the AI coding assistant’s internal libraries and built‑in tools.
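One way to catch this class of packaging mistake before publishing, shown as an added example (not Anthropic's tooling and not code from the article): a check over the files about to be published that flags shipped source maps, embedded original sources, and references to remotely hosted sources. The function name, issue labels, sample file contents and the placeholder URL are all assumptions made for illustration.

```javascript
// Added example: audit the file set of a package before it is published.
// `files` maps a package-relative path to its text content.
function auditPackageFiles(files) {
  const findings = [];
  const isRemote = (s) => /^(https?:)?\/\//i.test(s);
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push({ path, issue: "source-map-shipped" });
      let map;
      try {
        map = JSON.parse(content);
        if (map === null || typeof map !== "object") throw new Error("not a map");
      } catch {
        findings.push({ path, issue: "unparseable-map" });
        continue;
      }
      // Index maps nest regular maps under sections[].map.
      const maps = Array.isArray(map.sections)
        ? map.sections.map((s) => s.map).filter(Boolean)
        : [map];
      for (const m of maps) {
        // sourcesContent carries the original files verbatim.
        if ((m.sourcesContent || []).some((c) => typeof c === "string" && c.length > 0)) {
          findings.push({ path, issue: "embedded-original-source" });
        }
        const refs = [m.sourceRoot, ...(m.sources || [])].filter((s) => typeof s === "string");
        if (refs.some(isRemote)) findings.push({ path, issue: "remote-source-reference" });
      }
    } else if (/\.(c|m)?js$/.test(path)) {
      // A trailing comment tells tooling where the map for this bundle lives.
      const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(content);
      if (m) {
        const issue = m[1].startsWith("data:") ? "inline-source-map"
          : isRemote(m[1]) ? "remote-map-reference" : "map-reference";
        findings.push({ path, issue });
      }
    }
  }
  return findings;
}

// Constructed sample package contents; the URL is a placeholder.
const samplePackage = {
  "cli.js": "console.log('hi');\n//# sourceMappingURL=cli.js.map\n",
  "cli.js.map": JSON.stringify({ version: 3, file: "cli.js", mappings: "AAAA",
    sources: ["https://storage.example.invalid/src/cli.ts"], sourcesContent: [null] }),
  "lib/util.js": "module.exports = {};\n",
};
console.log(auditPackageFiles(samplePackage));
```

Run as a release gate, a non-empty result would fail the build unless the flagged files are on an explicit allowlist.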

Response and impact

Anthropic issued a statement confirming that the leak did not involve any sensitive customer data or credentials. The company characterized the event as a human‑error packaging issue rather than a malicious breach. To mitigate future risks, Anthropic said it is rolling out additional measures aimed at preventing similar packaging mistakes.

Following the discovery, the leaked files were quickly mirrored on GitHub, where they accumulated thousands of forks. The rapid replication highlighted the high interest in Claude Code and the speed at which the developer community responds to such exposures.

Context of recent security concerns

The leak occurred amid a series of recent security discussions surrounding Claude Code. In the preceding weeks, researchers reported multiple vulnerabilities, including a Chrome extension flaw that allowed zero‑click attacks and a set of three issues dubbed “Cloudy Day” that formed a complete attack chain for data exfiltration. Another vulnerability, referred to as “ShadowPrompt,” was also highlighted for its potential to expose sensitive information.

These security incidents have coincided with growing demand for Claude Code, prompting Anthropic to adjust usage limits during peak periods. The company announced temporary throttling of session limits for free, Pro, and Max subscriptions to manage load, while weekly limits remained unchanged.

Industry reaction

The developer and security communities reacted swiftly, discussing the leak and the broader implications for AI tool security on platforms such as Reddit and X. Commentators noted the tension between rapid feature rollout and the need for robust security practices. While some users expressed concern over the exposure, others focused on the broader conversation about responsible AI development and the importance of safeguarding code assets.

Anthropic’s acknowledgment of the incident and its commitment to corrective actions underscore the challenges faced by AI‑focused companies in balancing innovation speed with security diligence.

Generated with News Factory. Source: TechRadar