Anthropic employee error exposes Claude Code source
Summary
An Anthropic employee accidentally exposed the source code for Claude Code (an AI programming tool) by leaving a source map file (.map file, a debugging file that translates minified code back to human-readable form) in a package published on npm (a registry where developers share code). This is a security risk because hackers can use source maps to understand how the code works, find vulnerabilities, and potentially steal secrets like API keys that might be hidden in the code.
Solution / Mitigation
According to secure coding trainer Tanya Janca, developers should: (1) disable source maps in the build/bundler tool; (2) add the .map files to the .npmignore or package.json files field to explicitly exclude them, even if generated during the build by accident; and (3) exclude them from production. Anthropic stated they are 'rolling out measures to prevent this from happening again,' though specific details are not provided in the source.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4152830/anthropic-employee-error-exposes-claude-code-source-2.html
First tracked: April 1, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 92%