
Why did the Claude Code source leak happen?

Claude Code source leak via npm source maps

Anthropic’s Claude Code appears to have had its internal TypeScript source exposed after a security researcher and others found the code indirectly through a misconfigured npm package and source maps. The leak reportedly surfaced internal details such as codenames and parts of an underlying “Self-Healing Memory” architecture.

The incident matters because Claude Code is an agentic command-line tool that many developers may rely on for day-to-day automation. When source is exposed unintentionally, it can:

  • Reveal internal product architecture and implementation details attackers can target.
  • Provide a blueprint for replicating or probing behaviors that were intended to stay private.
  • Increase the chance of follow-on security issues, especially if other parts of the ecosystem assume the code and mappings are not publicly reachable.

What’s known vs. unknown

What’s clear from the reporting is the exposure path: a public npm package configuration made the source maps publicly retrievable in a way that effectively disclosed the code repository.

It’s still unclear exactly how long the misconfiguration existed before discovery, and whether any user data was accessed as part of the leak. The stories also don’t confirm whether Anthropic has already rotated secrets, patched build pipeline steps, or taken additional steps beyond addressing the source map exposure.

Why developers should care

For engineers adopting agentic tooling, this is a reminder that “open” developer ecosystems can still leak internal implementation artifacts. Even when the application is not compromised, distribution pipeline mistakes can expose the wiring behind the tool—turning what should be defense-in-depth into publicly available reconnaissance.
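A pre-publish check for the exposure path described above, written as an added example; it is not code from the reporting or from Anthropic. It flags source maps in a package's file set that embed original source via the source map v3 `sourcesContent` field, plus `sourceMappingURL` references in shipped JavaScript. The function names, the finding labels and the sample package contents are assumptions made for illustration.

```javascript
// `files` is { path: content }; in a real pipeline, build it from the paths
// reported by `npm pack --dry-run --json`.
const MAP_REF = /\/[\/*]#\s*sourceMappingURL=(\S+)/;

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      let map;
      try { map = JSON.parse(content); } catch { map = null; }
      if (map === null || typeof map !== 'object') {
        findings.push({ path, issue: 'unparseable-map' });
        continue;
      }
      // sourcesContent holds the original files verbatim (source map v3).
      const embedded = Array.isArray(map.sourcesContent)
        ? map.sourcesContent.filter((s) => typeof s === 'string' && s !== '').length
        : 0;
      findings.push({
        path,
        issue: embedded > 0 ? 'map-embeds-original-source' : 'map-shipped',
        embeddedSources: embedded,
        sources: Array.isArray(map.sources) ? map.sources : [],
      });
    } else if (/\.[cm]?js$/.test(path)) {
      const m = MAP_REF.exec(content);
      if (!m) continue;
      const inline = m[1].startsWith('data:');
      findings.push({ path, issue: inline ? 'inline-map' : 'map-reference',
        target: inline ? 'data: URI' : m[1] });
    }
  }
  return findings;
}

// Fail closed: embedded source or an inline map blocks the publish.
function shouldBlockPublish(findings) {
  return findings.some((f) =>
    f.issue === 'map-embeds-original-source' || f.issue === 'inline-map');
}

// Constructed sample package contents (not taken from any real package).
const SAMPLE = {
  'package.json': '{"name":"example-cli","version":"1.0.0"}',
  'dist/cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': JSON.stringify({ version: 3, file: 'cli.js',
    sources: ['../src/cli.ts'], mappings: 'AAAA',
    sourcesContent: ['export const greet = () => console.log("hi");'] }),
};
console.log(auditPackageFiles(SAMPLE), shouldBlockPublish(auditPackageFiles(SAMPLE)));
```

Run as a CI step before `npm publish`, a `true` result from `shouldBlockPublish` should fail the job until the maps are excluded from the package or built without embedded sources.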

