Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Staff Editor 2026-04-01
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html

Publish Date: 2026-04-01 02:12:00

Source Domain: thehackernews.com

Ravie LakshmananApr 01, 2026Data Breach / Artificial Intelligence

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.

“No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”

The discovery came after the AI upstart released version 2.1.88 of the Claude Code npm package, with users spotting that it contained a source map file that could be used to access Claude Code’s source code – comprising nearly 2,000 TypeScript files and more than 512,000 lines of code. The version is no longer available for download from npm.

Security researcher Chaofan Shou was the first to publicly flag it on X, stating “Claude code source code has been leaked via a map file in their npm registry!” The X post has since amassed more than 28.8 million views. The leaked codebase remains accessible via a public GitHub repository, where it has surpassed 84,000 stars and 82,000 forks.

A source code leak of this kind is significant, as it gives software developers and Anthropic’s competitors a blueprint for how the popular coding tool works. Users who have dug into the code have published details of its self-healing memory architecture to overcome the model’s fixed context window constraints, as well as other internal components.

These include a tools system to facilitate various capabilities like file read or bash execution, a query engine to handle LLM API calls and orchestration, multi-agent orchestration to spawn “sub-agents” or swarms to carry out complex tasks, and a bidirectional communication layer that connects IDE extensions to Claude Code CLI.

The leak has also shed light on a feature called KAIROS that allows Claude…

Source

More Stories

Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

Staff Editor 2026-06-05
Ashley Devoto Named Air Force CIO

Ashley Devoto Named Air Force CIO

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy