Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Transparence b l-ghalat: Anthropic kat-akid tsrib l-code source dyal Claude Code bsbab ghalat f npm
Inadvertent Transparency: Anthropic Confirms Claude Code Source Leak via npm Error
TL;DR
Anthropic has confirmed that the source code for its AI coding assistant, Claude Code, was accidentally leaked due to a packaging error in an npm update (version 2.1.88). The leak exposed over 512,000 lines of code, revealing internal architectures like "Undercover Mode" and anti-distillation tactics. While no customer data was compromised, the incident has sparked supply chain concerns and a wave of typosquatting attacks.
The Incident: Human Error, Not a Breach
On Tuesday, Anthropic confirmed that internal source code for Claude Code was inadvertently released to the public. The company clarified that the exposure was not the result of a malicious security breach but rather a "release packaging issue caused by human error."
The leak occurred when version 2.1.88 of the Claude Code npm package was published containing a source map file. Security researchers, led by Chaofan Shou, discovered that this file could be used to reconstruct the original TypeScript source code.
By the numbers:
- Files exposed: Nearly 2,000 TypeScript files.
- Lines of code: In excess of 512,000.
- Reach: A post highlighting the leak on X (formerly Twitter) garnered over 28.8 million views.
- Current status: Version 2.1.88 has been removed from npm, but the code persists in public GitHub repositories with tens of thousands of stars and forks.
Internal Secrets Revealed
The leak provides a rare "blueprint" of Anthropic’s proprietary logic. Developers and competitors have already begun dissecting the codebase, revealing several previously internal or undocumented features:
- Self-Healing Memory: An architecture designed to overcome fixed context window constraints.
- KAIROS: A feature allowing Claude to act as a persistent background agent that can fix errors and send push notifications without human input.
- "Dream" Mode: A proactive state where the AI "thinks" in the background to iterate on ideas.
- Undercover Mode: A controversial system prompt instructing the AI to make "stealth" contributions to open-source repositories without revealing its identity as an Anthropic tool.
- Anti-Poisoning Tactics: The code reveals controls that inject fake tool definitions into API requests to "poison" training data if competitors attempt to scrape Claude's outputs for model distillation.
Security Concerns and Supply Chain Risks
While Anthropic maintains that no sensitive customer credentials were exposed, the leak has created significant security ripples:
- Exploitation of Guardrails: AI security experts suggest that having the full source code allows attackers to "fuzz" the system and find ways to bypass guardrails or persist backdoors through the tool's context management pipeline.
- Axios Supply Chain Attack: There is a specific concern regarding users who updated via npm on March 31, 2026 (between 00:21 and 03:29 UTC). These users may have inadvertently downloaded a trojanized version of an HTTP client containing a cross-platform remote access trojan.
- Dependency Confusion: Attackers are already "typosquatting" internal npm package names used by Claude Code. A user named "pacifier136" has published several empty stubs (e.g.,
audio-capture-napi,image-processor-napi) in hopes of catching users attempting to compile the leaked source code.
Anthropic’s Response
Anthropic has stated they are rolling out new measures to prevent similar packaging errors in the future. This incident marks the second major data exposure for the company in a short period; just last week, details regarding an upcoming AI model were found accessible via the company's content management system.
Recommendations for Users:
- Immediately downgrade to a verified "safe" version of Claude Code if you installed version 2.1.88.
- Rotate all secrets and credentials if you were active during the suspected supply chain attack window on March 31.
- Exercise extreme caution when interacting with unofficial repositories or packages claiming to be related to the Claude Code source.
Source: The Hacker News - Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
