Summary

The source code of Anthropic's CLI tool Claude Code was unintentionally made publicly accessible on March 31, 2026. A source map file published alongside it in the npm registry enabled access to over 512,000 lines of unminified TypeScript code distributed across approximately 1,900 files. Security expert Chaofan Shou made the discovery public on X; shortly thereafter, a GitHub repository mirrored the entire code. Anthropic quickly removed the faulty package version from the npm registry and replaced it with a cleaned version without source maps.

Topics

  • Software Security
  • Open Source Practices
  • Supply Chain Risks
  • npm Registry Management

Clarus Lead

The incident illustrates a systemic risk in the modern open-source ecosystem: automatically publishing developer artifacts such as source maps can undo the protection a minified production build was meant to provide. For development organizations, validating what a package publication actually contains becomes a critical control point, particularly since such leaks can expose not only business logic but also internal APIs and authorization mechanisms. Anthropic's swift response mitigates the immediate risk but raises questions about build pipeline quality control in the AI industry.

Detailed Summary

Claude Code is a command-line tool that lets developers drive Anthropic's AI models through natural language and automate routine tasks such as file management or command execution. The disclosed code shows a modular architecture built on the Bun JavaScript runtime and on React with the Ink library for terminal user interfaces. The code additionally contains a command system, IDE integrations, and permission and access control mechanisms.

Source maps normally serve as debugging aids: they map minified or bundled code back to the original source files, either by referencing their paths or by embedding the originals directly in the map's sourcesContent field. When they are included in a published npm package, anyone who installs the package has direct access to the unminified original sources. In the case of Claude Code, the source map pointed to downloadable TypeScript files. Root cause analysis suggests a faulty package configuration at publication time, in which the map was left in the set of files npm packs, an error that automated pre-publish checks could have caught. The mirrored code spread via social networks and developer forums (Reddit, GitHub); the public GitHub repository explicitly categorizes the material as research and educational content.

Key Statements

  • 512,000 lines of uncompressed source code (approximately 1,900 files) were exposed through a source map file
  • Source maps shipped in published packages are a documented but often underestimated information-disclosure risk in the npm ecosystem
  • Anthropic responded within hours with package removal and republication – best practice in incident response
  • Claude Code's architecture uses production-ready stack components (Bun, React/Ink, modular command system)

Critical Questions

  1. Evidence/Source Validity: Was the source map file actually included in the standard npm package, or was the source reconstructed afterwards from other published metadata? Is there official documentation from Anthropic on the cause?

  2. Conflicts of Interest/Transparency: What commercial or security-critical information (API keys, authentication patterns, proprietary algorithms) is actually visible in the disclosed code? Has Anthropic conducted a complete security audit?

  3. Causality/Error Sources: Was this an isolated configuration problem in a single release or part of a systemic process deficit? How many other npm packages from Anthropic are potentially affected?

  4. Feasibility/Preventive Measures: What automated controls (linting, pre-publish audits) would have blocked this file? Will such checks now be implemented for all future releases?

  5. Data Quality: The GitHub repository is categorized as "research material" – will the code continue to be archived if the project is deleted? Are there legal or security policy implications for third parties who have used the code?


Source Directory

Primary Source: Claude Code Unintentionally Open Source: Source Map Reveals All – heise online, March 31, 2026

Verification Status: ✓ March 31, 2026


This text was created with the assistance of an AI model.
Editorial Responsibility: clarus.news | Fact-Check: March 31, 2026