Anthropic's Claude Code CLI Source Code Leaks After npm Package Exposes Full Source Map

The entire source code for Anthropic's Claude Code command line interface has been publicly leaked, providing a complete blueprint of the application to competitors and the open-source community. The exposure stems from a critical internal error: the company's latest npm package update inadvertently included a source map file. This file allowed anyone to reconstruct the entire, original TypeScript codebase, comprising nearly 2,000 files and over 512,000 lines of proprietary logic.

The leak was triggered by the publication of version 2.1.88 of the Claude Code npm package. Security researcher Chaofan Shou was the first to identify and publicly disclose the exposure on X, sharing a link to an archive of the files. Within hours, the full codebase was uploaded to a public GitHub repository, where it has since been forked tens of thousands of times, ensuring its widespread and permanent dissemination. This incident exposes the inner workings of a key tool from a company experiencing rapid user growth and significant industry influence.

For Anthropic, this represents a substantial operational and strategic setback. While the leak does not involve the core AI models, it provides competitors with a detailed look at the architecture, implementation, and potential vulnerabilities of a flagship product interface. The scale of the exposure—the entire application source—grants outsiders an unprecedented view into development practices and could accelerate rival projects or security scrutiny. The event underscores the high-stakes pressure and visibility facing AI infrastructure companies, where a single deployment error can lead to a significant loss of proprietary advantage.