Claude Code source code accidentally leaked in NPM package
Summary
Anthropic accidentally leaked the closed-source code for Claude Code when they published version 2.1.88 on NPM, which included a 60 MB source map file (a debugging file that links compiled code back to original source code) containing approximately 1,900 files and 500,000 lines of code. Anthropic confirmed no customer data or credentials were exposed and stated this was a human error in release packaging, not a security breach. The company is also investigating a separate bug where Claude Code users are hitting usage limits much faster than expected.
Solution / Mitigation
Anthropic stated they are 'rolling out measures to prevent this from happening again.' The company has also begun issuing DMCA infringement notifications to take down the leaked source code where possible online.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/artificial-intelligence/claude-code-source-code-accidentally-leaked-in-npm-package/
First tracked: April 1, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%