Anthropic accidentally exposes Claude Code source code • The Register

https://www.theregister.com/2026/03/31/anthropic_claude_code_source_code/

Publish Date: 2026-03-31 13:02:00

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI coding tool’s entire source code.

It did as of Tuesday morning, at least, which is when security researcher Chaofan Shou appears to have spotted the exposure and told the world. Snapshots of Claude Code’s source code were quickly backed up in a GitHub repository that has been forked more than 41,500 times so far, disseminating it to the masses and ensuring that Anthropic’s mistake remains the AI and cybersecurity community’s gain.

According to the GitHub upload of the exposed Claude Code source, the leak actually resulted from a reference to an unobfuscated TypeScript source in the map file included in Claude Code’s npm package (map files are used to connect bundled code back to the original source). That reference, in turn, pointed to a zip archive hosted on Anthropic’s Cloudflare R2 storage bucket that Shou and others were able to download and decompress to their hearts’ content.

Contained in the zip archive is a wealth of info: some 1,900 TypeScript files consisting of more than 512,000 lines of code, full libraries of slash commands and built-in tools – the works, in short.

That said, Claude Code’s source isn’t a complete mystery, and while this exposure gives us a look at a fresh iteration of Claude Code straight from the leaky bucket, it’s not blowing the lid off of something that was a secret until now.

Claude Code has been reverse engineered, and various projects have resulted in an entire website dedicated to exposing the hidden portions of Claude Code that haven’t been released to, or shared with, the public.

In other words, what we have is a useful comparison point and update source for the CCLeaks…

Source