Anthropic inadvertently exposed the full TypeScript source code for its AI coding assistant, Claude Code, through a misconfigured npm package.
A security researcher discovered that version 2.1.88 of the package contained a large source map file. This file allowed for the reconstruction of the entire unobfuscated codebase. The leak consists of approximately 1,900 files and over 500,000 lines of code.
This incident marks the second time a packaging error has leaked Claude Code data. The exposure reveals significant intellectual property, including internal API logic and telemetry systems.
The files detail a sophisticated three-layer memory architecture known as a Self-Healing Memory system. This system is designed to prevent AI confusion during long sessions.
While the leak excludes AI model weights and user data, it provides competitors with a detailed blueprint of the tool’s inner workings.