Reading List
Anthropic Accidentally Leaked the Entire Claude Code CLI Source Code from Daring Fireball RSS feed.
Samuel Axon, reporting last week for Ars Technica:
Early this morning, Anthropic published version 2.1.88 of the Claude Code npm package — but it was quickly discovered that the package included a source map file, which could be used to access the entirety of Claude Code’s source — almost 2,000 TypeScript files and more than 512,000 lines of code.
Security researcher Chaofan Shou was the first to publicly point it out on X, with a link to an archive containing the files. The codebase was then put in a public GitHub repository, and it has been forked tens of thousands of times.
Anthropic publicly acknowledged the mistake in a statement to VentureBeat and other outlets, which reads:
Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.
Not exactly confidence-inspiring, given how incredibly sensitive much of the material users give Claude and Claude Code access to is. To say the least, it undermines the message that companies should trust their source code to Claude Code when Anthropic accidentally leaked their own source code.