Anthropic's Claude Code Source Code Leaks via Public npm Registry, Exposing Core AI IP

Anthropic has suffered a major intellectual property breach, with the complete source code for its flagship Claude Code product accidentally exposed to the public. The leak occurred when a 59.8 MB JavaScript source map file, intended solely for internal debugging, was included in the public release of the `@anthropic-ai/claude-code` package on the npm registry. This file effectively served as a roadmap to the entire ~512,000-line TypeScript codebase, revealing the inner workings of one of the company's most lucrative AI products.

The exposure was discovered and broadcast by Chaofan Shou, an intern at Solayer Labs, on X (formerly Twitter) at 4:23 am ET. The post included a direct download link, triggering a rapid, widespread dissemination. Within hours, the code was mirrored across GitHub and subjected to analysis by thousands of developers globally. For Anthropic, a company reportedly operating at a $19 billion annualized revenue run-rate, this is a strategic hemorrhage of proprietary technology, not merely a routine security lapse.

The timing of the leak is particularly damaging, exposing the core architecture of a key revenue driver at the peak of Anthropic's market influence and competitive positioning. The incident transforms a critical commercial asset into a publicly accessible reference, potentially undermining its competitive moat and inviting scrutiny of its technical implementation by both rivals and the open-source community.