Anthropic’s AI Coding Tool Self-Leaks Source Code Again This Year

Security researcher Chaofan Shou reported a full source-code exposure of Anthropic’s Claude Code on 31 March 2026. The leak came from a 60MB source-map file named cli.js.map bundled in the npm package for version v2.1.88.

How the code became public

The published source map referenced unobfuscated TypeScript files stored in Anthropic’s cloud. That made the original codebase downloadable from public URLs.

Researchers reconstructed the readable TypeScript from the map. The mistake was a packaging oversight, not an intrusion.

What was revealed

The exposed package contained 1,906 proprietary source files. These files included client implementation code for the Claude Code command-line tool.

The material detailed internal API design, telemetry analysis systems, encryption utilities, and inter-process communication protocols. The leak did not include model weights or user data.

Public archival and reaction

Within hours, a public GitHub repository archived the leaked code. That mirror quickly surpassed 1,100 stars and 1,900 forks.

Shou, an intern researcher at blockchain security firm Fuzzland, posted the discovery on X. Anthropic had not issued a public statement at the time of reporting.

Background and prior incident

This is not the first time a source map exposed Claude Code. In February 2025, an earlier release leaked for the same reason.

Anthropic then removed the old package from npm and deleted its source map. The vulnerability has resurfaced despite that fix.

Technical context and risk

Source maps translate compressed builds back to original code. They are useful during development but dangerous in public releases.

Security observers noted the leak poses limited direct risk to regular users. Personal conversations and model weights stayed private.

However, the exposure of internal architecture and telemetry logic raises concerns. The disclosure could aid reverse engineering and targeted attacks.
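
A pre-publish check for the packaging mistake described above, as an added example that is not code from the article or from Anthropic. The helper names and the sample package contents are constructed for illustration; the check flags shipped source maps, map references left in bundles, and maps that embed or link to original sources.

```javascript
// Added example (hypothetical helper names). `files` maps a package-relative
// path to its text content, e.g. read from an unpacked `npm pack` tarball.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/;
const IS_URL = /^https?:\/\//i;

function auditSourceMap(path, text) {
  let map = null;
  try { map = JSON.parse(text); } catch { /* reported below */ }
  if (!map || typeof map !== "object") return { path, kind: "unparseable-map" };
  const sources = (Array.isArray(map.sources) ? map.sources : [])
    .filter((s) => typeof s === "string");
  const content = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  const root = typeof map.sourceRoot === "string" ? map.sourceRoot : "";
  return {
    path,
    kind: "source-map",
    sourceCount: sources.length,
    // Original source text carried inside the map itself.
    embeddedSources: content.filter((c) => typeof c === "string").length,
    // Entries that resolve to a fetchable http(s) URL.
    remoteSources: sources.filter((s) => IS_URL.test(s) || IS_URL.test(root)).length,
  };
}

function auditPackage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) { findings.push(auditSourceMap(path, text)); continue; }
    if (!/\.(c|m)?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(text);
    if (!m) continue;
    findings.push(m[1].startsWith("data:")
      ? { path, kind: "inline-map" }                  // map embedded as a data: URI
      : { path, kind: "map-reference", target: m[1] });
  }
  return findings;
}

// A release gate: any finding should stop the publish step.
function shouldBlockPublish(files) { return auditPackage(files).length > 0; }

// Constructed sample package contents (not the real package).
const SAMPLE = {
  "package.json": '{"name":"example-cli","version":"0.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({ version: 3, mappings: "",
    sources: ["../src/main.ts", "https://storage.example.invalid/src/util.ts"],
    sourcesContent: ["export const a = 1;", null] }),
  "lib/ok.js": "module.exports = 1;\n",
};
console.log(auditPackage(SAMPLE));
```

Run against the exact file set that will be uploaded, since a map excluded from the repository can still be produced by the build and picked up at pack time.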

Implications for the industry

The incident will likely increase scrutiny of release processes at AI firms. Many enterprises and professional developers use these tools worldwide.

It underscores a recurring packaging failure: Anthropic’s AI coding tool has now exposed its own sensitive internals through a published source map for a second time.

  • Date discovered: 31 March 2026
  • Tool: Claude Code (command-line)
  • Package version: v2.1.88
  • Exposed file: cli.js.map (60MB)
  • Number of source files: 1,906
  • GitHub mirror: >1,100 stars and >1,900 forks within hours
  • Researcher: Chaofan Shou (Fuzzland intern)
  • Previous similar incident: February 2025