- Anthropic employee accidentally leaked Claude Code source via npm map file
- The leak exposed 1,900 TypeScript files with over 500,000 lines of code, quickly mirrored on GitHub
- Anthropic confirmed that no customer data was exposed, calling it a packaging error amid recent vulnerabilities like ShadowPrompt and Cloudy Day.
An Anthropic employee accidentally leaked the source code of one of the most popular Artificial Intelligence (AI) assistants out there: Claude Code.
Security researcher Chaofan Shou posted on X, saying: “Claude Code’s source code has been leaked via a map file in its npm registry!” The tweet itself has been viewed over 30 million times so far, and the numbers are increasing rapidly, showing just how popular the tool really is.
While CNBC He says the leak is partial, The Registry said it contained “the complete source code for the popular AI coding tool.”
Article continues below.
Anthropic confirms leak
The Internet reacted as it usually reacts: quickly and without remorse, quickly supporting the leak in a GitHub repository that, by now, has been forked tens of thousands of times.
The GitHub upload said the leak is the result of a reference to unobfuscated TypeScript source code in the map file included in Claude Code’s npm package. The reference pointed to a .ZIP file located on Anthropic’s Cloudflare R2 storage bucket that contained 1,900 TypeScript files with more than 500,000 lines of code, complete libraries of slash commands, and built-in tools.
Anthropic has since confirmed the news, saying that this was not an act of a malicious insider or third party, but rather a mishap:
“No sensitive data or customer credentials were involved or exposed,” an Anthropic spokesperson said in a statement to CNBC. “This was a release package issue caused by human error, not a security breach. We are implementing measures to prevent this from happening again.”
It’s been an intense couple of weeks for Anthropic. The company drew attention for the speed at which it has been shipping new updates and features, even sparking major discussions on Reddit, where users argued that the company had been using, well, its own product.
“They’re getting high from their own supply,” one person said.
While it is commendable to release new features quickly, cybersecurity appears to be the other side of the coin. In the last 10 days alone, we have had multiple stories about Claude being vulnerable to immediate injections and similar attacks. On March 27, 2026, security researchers Koi Security found a major flaw in the Claude Code Google Chrome extension that allowed zero-click attacks.
Speed at the expense of safety?
The vulnerability, called ShadowPrompt, could have allowed malicious actors to leak sensitive data.
A few days earlier, on March 19, Oasis security researchers reported finding three vulnerabilities in Claude that, when used together, form a complete attack chain, from targeted delivery to the victim to exfiltration of sensitive data. The researchers called it a Cloudy Day. and responsibly disclosed it to Anthropic, who quickly addressed it.
Users don’t seem to care much, however, as on the same day ShadowPrompt was discovered, Anthropic was forced to rev up its tools during peak hours to cope with increasing demand.
“To manage the increasing demand for Claude, we are adjusting our 5-hour session limits for free/Pro/Max subscribers during peak hours. Their weekly limits remain unchanged,” said Thariq Shihipar, an engineer working at Claude Code, in a post on X.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
