- Anthropic employee accidentally leaked Claude Code source via npm map file
- Leak revealed 1,900 TypeScript files with 500K+ lines of code, quickly mirrored on GitHub
- Anthropic confirmed that no customer data was exposed, calling it a packaging error amid recent vulnerabilities like ShadowPrompt and Cloudy Day
An anthropic employee accidentally leaked the source code for one of the most popular Artificial Intelligence (AI) assistants out there – Claude Code.
Security researcher Chaofan Shou wrote on X saying “Claude Code source code has been leaked via a map file in their npm registry!” The tweet itself has been viewed more than 30 million times so far, with numbers rising rapidly, showing just how popular the tool really is.
While CNBC says the leak is partial, The register said it contained “the entire source code of the popular AI coding tool”.
The article continues below
Anthropic confirms leak
The internet reacted as the internet tends to react – fast and merciless, quickly backing up the leak to a GitHub repository that has since been forked tens of thousands of times.
In the GitHub upload, it was said that the leak is a result of a reference to an unobfuscated TypeScript source code in the maps file included in Claude Code’s npm package. The reference pointed to a .ZIP file sitting in Anthropic’s Cloudflare R2 storage bucket, which contained 1,900 TypeScript files with more than 500,000 lines of code, complete libraries of slash commands, and built-in tools.
Anthropic has since confirmed the news, saying this was not the act of a malicious insider or third party, but rather an accident:
“No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement to CNBC. “This was a release packaging issue caused by human error, not a security breach. We are rolling out measures to prevent this from happening again.”
It’s been an intense few weeks for Anthropic. The company raised quite a few eyebrows with the speed at which it has been pushing out new updates and features, even leading to major discussions on Reddit where users claimed the company was using, well, its own product.
“They get high on their own supply,” one person said.
While releasing new features quickly is commendable, cybersecurity seems to be the flip side of that coin. In the last 10 days alone, we’ve had several stories about Claude being vulnerable to instant injection and similar attacks. On March 27, 2026, security researchers Koi Security found a major flaw in Claude Code’s Google Chrome extension that enabled zero-click attacks.
Speed at the expense of safety?
Dubbed ShadowPrompt, the vulnerability could have allowed malicious actors to exfiltrate sensitive data.
A few days before, on March 19, security researchers reported to Oasis that they found three vulnerabilities in Claude that, when used together, form a complete attack chain – from targeted victim delivery to exfiltration of sensitive data. The scientists named it Cloudy Day and responsibly disclosed it to Anthropic, who quickly addressed it.
Users don’t seem to mind too much, but when ShadowPrompt was discovered on the same day, Anthropic was forced to throttle its tools during peak hours to cope with the increased demand.
“To handle the growing demand for Claude, we are adjusting our 5 hour session limits for Free/Pro/Max subscriptions during peak hours. Your weekly limits will remain unchanged,” said Thariq Shihipar, an engineer working on Claude Code, in a post on X.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
