A forgotten file caused one of the biggest accidental leaks in AI software history. On March 31st, 2026, Anthropic accidentally included a 59.8 MB source map file in its Claude Code v2.1.88 npm package. A missing line in a configuration file called `.npmignore` was all it took. The exposed file contained 512,000 lines of TypeScript code spread across more than 2,300 original files.
Security researcher Chaofan Shou, known as @Fried_rice on X, spotted the leak and shared it publicly by 4:23 AM ET. Within hours, thousands of developers had downloaded and analyzed the code. It racked up 22 million views on X in just one day. Anthropic responded with DMCA takedowns, but the code had already spread too far. Copies remained online despite the removal efforts.
The leak wasn’t a hack. No customer data, API keys, or model weights were exposed. Anthropic called it an awkward situation caused by human error, not a security breach. Still, the scale of what got out was significant.
The exposed code revealed how Claude Code actually works under the hood. Developers discovered it’s a deeply engineered system, not just a simple wrapper around Claude. The architecture includes a 7-stage bootstrap pipeline, a 5-layer configuration hierarchy, and a 4-type persistent memory system. Tools like BashTool and FileReadTool operate under separate permission levels. Bash commands, which can change system settings, face stricter rules than read-only file tools.
One of the more ironic details involved a subsystem called Undercover Mode. It was built to keep internal codenames from showing up in commits. That leak-prevention tool did nothing to stop the npm source map from going public.
The reaction from developers was fast. A Python rewrite of the core architecture hit 50,000 GitHub stars in just two hours, reportedly the fastest rise in history. The rewrite was possible because it ported the core architecture to Python from scratch, without violating copyright.
The incident came just days before a separate vulnerability was found in Claude Code. Together, these events raised fresh questions about security practices at one of the AI industry’s leading companies. Users who updated the package between 12:21 a.m. and 3:29 a.m. UTC on March 31 were advised to rotate their credentials and perform a clean reinstall of their systems.
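The packaging failure described at the top of this article, a source map shipped inside a published npm package, can be caught by auditing the packed file list before release. The following is an added example, not Anthropic's code or tooling: the `{ path, content }` input shape, the function names, and the sample package are assumptions constructed for illustration.

```javascript
// Added example: audit the files of a packed npm tarball for source maps.
// Constructed sample package; paths and contents are illustrative only.
const inlineMap = Buffer.from(JSON.stringify(
  { version: 3, sources: ['../src/util.ts'], mappings: '' })).toString('base64');
const SAMPLE_PACKAGE = [
  { path: 'package.json', content: '{"name":"example-cli","version":"1.0.0"}' },
  { path: 'dist/cli.js', content: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'dist/cli.js.map', content: JSON.stringify({
    version: 3, sources: ['../src/cli.ts', '../src/tools.ts'], mappings: 'AAAA',
    sourcesContent: ['export const a = 1;\n', 'export const b = 2;\nexport const c = 3;\n'] }) },
  { path: 'dist/util.js', content: 'exports.x = 1;\n' +
    '//# sourceMappingURL=data:application/json;base64,' + inlineMap + '\n' },
];

// Classify one source map (version 3 JSON). Embedded sourcesContent means the
// original source text itself ships to every installer: that blocks a release.
function inspectMap(path, text) {
  let map;
  try { map = JSON.parse(text) || {}; } catch { return { path, kind: 'unparseable-map', severity: 'warn' }; }
  const embedded = Array.isArray(map.sourcesContent)
    ? map.sourcesContent.filter((s) => typeof s === 'string') : [];
  return {
    path,
    kind: embedded.length ? 'map-with-embedded-sources' : 'map-paths-only',
    severity: embedded.length ? 'block' : 'warn',
    sources: Array.isArray(map.sources) ? map.sources.length : 0,
    embeddedLines: embedded.reduce((n, s) => n + (s.match(/\n/g) || []).length, 0),
  };
}

// Walk the file list: standalone .map files, plus maps inlined into JS bundles.
function auditPackage(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) { findings.push(inspectMap(path, content)); continue; }
    if (!/\.[cm]?js$/.test(path)) continue;
    const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(content);
    const inline = ref && /^data:application\/json[^,]*;base64,(.+)$/.exec(ref[1]);
    if (!inline) continue;
    const f = inspectMap(path, Buffer.from(inline[1], 'base64').toString('utf8'));
    findings.push({ ...f, kind: 'inline-' + f.kind });
  }
  return findings;
}

const shouldBlockPublish = (findings) => findings.some((f) => f.severity === 'block');

console.log(auditPackage(SAMPLE_PACKAGE), shouldBlockPublish(auditPackage(SAMPLE_PACKAGE)));
```

In a release pipeline the file list would be read from the tarball that `npm pack` produces, and any `block` finding would fail the job before `npm publish` runs.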