Developer Tools

Entire Claude Code CLI source code leaks thanks to exposed map file

A source map file in an npm package exposed nearly 2,000 files, giving competitors a complete blueprint.

Deep Dive

Anthropic has suffered a significant source code leak for its Claude Code command-line interface (CLI) tool. The leak occurred when version 2.1.88 of the Claude Code npm package was published with a source map file included. This file allowed anyone to reconstruct the entire original TypeScript source code, exposing nearly 2,000 files and over 512,000 lines of proprietary code. Security researcher Chaofan Shou first identified the issue on X, leading to the code being archived and forked tens of thousands of times on GitHub.
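One way to catch this kind of packaging error before a release, shown as an added example (not Anthropic's code or tooling): a Node.js check that flags source map files, inline maps, and map references among the files destined for a package, and counts how many original sources each map embeds in `sourcesContent`. The function names and the sample package contents are constructed for illustration.

```javascript
// Added example: pre-publish audit for source maps. All names and inputs are constructed.
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+/=]+)/;
const EXTERNAL_MAP = /\/\/[#@]\s*sourceMappingURL=(?!data:)\S+/;

// Parse text as a source map; count listed sources and those embedded in full.
function inspectMap(text) {
  let map;
  try { map = JSON.parse(text); } catch { return null; }
  if (!map || typeof map !== 'object' || !('mappings' in map || 'sections' in map)) return null;
  // Index maps nest ordinary maps under sections[].map.
  const maps = Array.isArray(map.sections) ? map.sections.map((s) => s.map).filter(Boolean) : [map];
  let sources = 0, embedded = 0;
  for (const m of maps) {
    sources += (m.sources || []).length;
    embedded += (m.sourcesContent || []).filter((c) => typeof c === 'string').length;
  }
  return { sources, embedded };
}

// files: [{ path, content }] for everything that would go into the tarball.
function auditPackage(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      const info = inspectMap(content);
      if (info) findings.push({ path, kind: 'map-file', ...info });
    } else if (/\.[cm]?js$/.test(path)) {
      const inline = content.match(INLINE_MAP);
      const info = inline && inspectMap(Buffer.from(inline[1], 'base64').toString('utf8'));
      if (info) findings.push({ path, kind: 'inline-map', ...info });
      else if (EXTERNAL_MAP.test(content)) findings.push({ path, kind: 'map-reference', sources: 0, embedded: 0 });
    }
  }
  return findings;
}

// Constructed sample package contents (not taken from any real package).
const sampleMap = JSON.stringify({
  version: 3, file: 'cli.js', mappings: 'AAAA',
  sources: ['../src/main.ts', '../src/tools.ts'],
  sourcesContent: ['export const a = 1;', 'export const b = 2;'],
});
const samplePackage = [
  { path: 'package.json', content: '{"name":"example-cli"}' },
  { path: 'cli.js', content: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: sampleMap },
  { path: 'lib/util.js', content: 'x();\n//# sourceMappingURL=data:application/json;base64,' + Buffer.from(sampleMap).toString('base64') + '\n' },
];
console.log(auditPackage(samplePackage));
```

In a release pipeline the file list would come from the packed tarball or from `npm pack --dry-run --json`, and any finding with `embedded` greater than zero would block the publish.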

Anthropic confirmed the incident was a 'release packaging issue caused by human error' and stated no sensitive customer data or credentials were involved. However, the exposure is substantial. Developers have already begun deep analysis, revealing sophisticated systems like background memory rewriting and a 40,000-line plugin-like tool system. The codebase shows Claude Code is a complex, production-grade application, not just a simple API wrapper.

The leak provides competitors with a detailed architectural blueprint of a leading AI coding assistant, potentially accelerating the development of rival tools. It also offers a map for bad actors to search for security vulnerabilities within Claude Code's guardrails. While the legal status of the disseminated code is complex, the incident represents a notable setback for Anthropic in the fast-moving and competitive AI developer tools space.

Key Points
  • Anthropic leaked Claude Code CLI source via an npm package containing a source map file, exposing 512k+ lines of TypeScript.
  • The code reveals sophisticated internal systems, including a 40k-line plugin tool system and complex memory architecture for verification.
  • While no customer data was breached, the leak gives competitors a full architectural blueprint and a potential vulnerability map.

Why It Matters

The leak accelerates competitor development in the AI coding space and exposes a leading tool's core architecture and potential weaknesses.