- Anthropic employee accidentally leaked Claude Code source via npm map file
- Leak exposed 1,900 TypeScript files with over 500,000 lines of code, quickly mirrored on GitHub
- Anthropic confirmed that no customer data was exposed, calling it a packaging error amid recent vulnerabilities such as ShadowPrompt and Cloudy Day.
An Anthropic employee accidentally leaked the source code of one of the most popular artificial intelligence (AI) assistants: Claude Code.
Security researcher Chaofan Shou posted on X, saying: “Claude Code’s source code was leaked via a map file in their npm registry!” The tweet itself has been viewed over 30 million times so far, and the numbers are growing quickly, showing just how popular the tool really is.
While CNBC says the leak is partial, The Register said it contained “the entire source code of the popular AI coding tool.”
Anthropic confirms leak
The Internet reacted as the Internet usually does, swiftly and mercilessly, quickly backing up the leak to a GitHub repository that has now been forked tens of thousands of times.
In the GitHub upload, it was stated that the leak was the result of a reference to unobfuscated TypeScript source code in the map file included in Claude Code’s npm package. The reference was to a .ZIP file located in Anthropic’s Cloudflare R2 storage bucket that contained 1,900 TypeScript files with over 500,000 lines of code, full slash command libraries, and built-in tools.
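As an added example (not code from Anthropic or from this article), a pre-publish check of the kind that catches this class of packaging error: it flags source maps in the publish set, the original sources they embed or name, and remote references they carry. It goes slightly beyond the case described by also handling inline and index maps; the function names, input shape and sample data are assumptions.

```javascript
// Added example: release gate over a package's publish set (path -> file text); all sample data is constructed.
const REMOTE = /^(?:https?:)?\/\//i;            // absolute or protocol-relative URL
const ORIGINAL_SRC = /\.(?:ts|tsx|mts|cts)$/i;  // uncompiled TypeScript paths

function auditSourceMap(path, text) {
  const findings = [];
  let map;
  try {
    map = JSON.parse(text);
  } catch {
    return [`${path}: unparseable source map, review by hand`];
  }
  // Index maps nest ordinary maps under sections[].map; handle both shapes.
  const maps = Array.isArray(map && map.sections) ? map.sections.map((s) => (s && s.map) || {}) : [map || {}];
  for (const m of maps) {
    const sources = Array.isArray(m.sources) ? m.sources : [];
    const content = Array.isArray(m.sourcesContent) ? m.sourcesContent : [];
    const embedded = content.filter((c) => typeof c === 'string').length;
    if (embedded > 0) findings.push(`${path}: ${embedded} original file(s) embedded in sourcesContent`);
    const ts = sources.filter((s) => typeof s === 'string' && ORIGINAL_SRC.test(s)).length;
    if (ts > 0) findings.push(`${path}: ${ts} TypeScript source path(s) disclosed`);
    for (const ref of [m.sourceRoot, ...sources]) {
      if (typeof ref === 'string' && REMOTE.test(ref)) findings.push(`${path}: remote reference ${ref}`);
    }
  }
  return findings;
}

function auditPackage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      findings.push(`${path}: source map is in the publish set`);
      findings.push(...auditSourceMap(path, text));
    } else if (/\.(?:js|mjs|cjs)$/.test(path)) {
      const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
      if (m) findings.push(`${path}: ${m[1].startsWith('data:') ? 'inline source map embedded' : 'points at source map ' + m[1]}`);
    }
  }
  return findings;
}
// Constructed sample: a bundle and the map shipped beside it.
const SAMPLE = {
  'dist/cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': JSON.stringify({
    version: 3, sourceRoot: 'https://storage.example.invalid/src/', sources: ['main.ts', 'tools/shell.ts'], sourcesContent: ['export {}', null], mappings: '',
  }),
};
console.log(auditPackage(SAMPLE).join('\n'));
```

In a release pipeline, the input would be the file list that `npm pack --dry-run` reports, and any finding would fail the build.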
Since then, Anthropic has confirmed the news, saying that it was not an act of a malicious insider or third party, but rather an accident:
“No sensitive customer data or identifiers were involved or exposed,” an Anthropic spokesperson said in a statement to CNBC. “This is a release packaging issue caused by human error, not a security vulnerability. We are deploying measures to prevent this from happening again.”
It’s been an intense two weeks for Anthropic. The company raised some eyebrows with the speed at which it released new updates and features, even causing major discussions on Reddit, where users claimed the company was, well, using its own product.
“They are getting high on their own supply,” one person said.
While releasing new features quickly is laudable, cybersecurity seems to be the other side of the coin. In the last 10 days alone, we’ve had several stories that Claude was vulnerable to prompt injection and similar attacks. On March 27, 2026, security researchers at Koi Security discovered a major flaw in Claude Code’s Google Chrome extension that allowed zero-click attacks.
Speed at the expense of security?
Dubbed ShadowPrompt, the vulnerability could have allowed malicious actors to exfiltrate sensitive data.
A few days earlier, on March 19, Oasis Security researchers reported discovering three vulnerabilities in Claude that, when used together, form a complete attack chain, from targeted victim delivery to exfiltration of sensitive data. The researchers dubbed it Cloudy Day and responsibly disclosed it to Anthropic, which quickly resolved it.
Users don’t seem to care much, although on the same day ShadowPrompt was discovered, Anthropic was forced to throttle its tools during peak hours to keep up with growing demand.
“To handle the growing demand for Claude, we are adjusting our 5-hour session limits for Free/Pro/Max subscriptions during peak hours. Your weekly limits remain unchanged,” said Thariq Shihipar, an engineer who works on Claude Code, in a post on X.





