GoKawiilAnthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed.
While Anthropic pledges support to the open-source community, Claude Code has always remained closed source, at least it did until today, when an update accidentally included internal source code.
In a statement to BleepingComputer, Anthropic confirmed the leak and said no personal or sensitive information was published.
"Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again," Anthropic told Bleepingcomputer.
The leaked source code was first spotted by Chaofan Shou (@Fried_rice), and it has spread widely on GitHub and other storage platforms.
Claude Code source code leak
The source code was mistakenly leaked by Anthropic when they briefly published Claude Code version 2.1.88 on NPM earlier today.
This version included a 60 MB file cli.js.map that contained all of the source code for the latest version.
A source map file is a debugging file that links compiled JavaScript back to the original source code.
If the map files include a field called "sourcesContent" that embeds the full text of the original source files directly in the map, it is possible to reconstruct the entire source code tree from the file.
... continue reading