What caused the Claude Code source code leak?

Simple: forgotten .npmignore exclude for source map files during npm publish.

Is Claude Code still safe to install?

Yes—patched version clean. But scan packages always; this proves nowhere's bulletproof.

What does the leak reveal about Anthropic's tech?

Agentic architecture: tools, memory, undercover modes. Blueprints for terminal AI domination.

Anthropic's Claude Code Leaks Entire Source—Via NPM Debug File, Not a Hack

At 4:23 AM ET, an intern spots a monster debug file in Claude Code's npm package. By breakfast, Anthropic's codebase is mirrored worldwide. No hackers. Just a forgotten .npmignore line.

DevTools Feed Apr 04, 2026 4 min read

Leaked source map file from Anthropic's Claude Code npm package exposing full codebase

⚡ Key Takeaways

Claude Code's full source leaked via a 59.8MB debug map on public npm—no hack, just packaging oversight. 𝕏
Exposes Anthropic's agentic AI internals: undercover prompts, Bash tools, persistent memory. 𝕏
Bold prediction: accelerates OSS clones, eroding Anthropic's proprietary edge in dev tools. 𝕏

Published by

DevTools Feed

Ship faster. Build smarter.

#Anthropic source code #Claude Code leak #npm-security #source maps

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by dev.to

⚡ Key Takeaways

The 60-Second TL;DR

DevTools Feed

Share this article

Worth sharing?

Related Stories

I Installed a Compromised npm Package with Claude Code — Then Built This Plugin to Stop It

Axios 1.14.1: The NPM Hijack That Stole Your SSH Keys in Seconds

North Korean Hackers Fake a Company to Pwn Axios Maintainer – RAT in 100M Downloads

512,000 Lines Leaked: Claude Code's Permission-Gated Agent Loop Exposed

Stay in the loop