Particle.news

Anthropic Confirms Claude Code Source Leak Caused by npm Packaging Error

The packaging blunder exposed detailed internals, heightening supply‑chain risk.

Overview

  • Anthropic’s Claude Code tool, which shipped Tuesday in npm version 2.1.88, included a .map debugging file that let researchers reconstruct about 1,900 TypeScript files with roughly 512,000 lines of code after security researcher Chaofan Shou flagged the issue and mirrors spread on GitHub.
  • A source map links compiled code back to the original source, so including it in a public package effectively disclosed the codebase that would normally stay private.
  • Anthropic said the exposure was due to human error rather than a breach and reported that no customer data or model weights were leaked. It removed the affected release from npm, pursued takedowns, and advised users to avoid that version, switch to native installers or downgrade, and rotate credentials if needed.
  • Developers reviewing the files reported details on internal architecture and unreleased features, including a three‑layer self‑healing memory system, a persistent background agent called KAIROS, multi‑agent orchestration, and an Undercover Mode designed for stealth contributions to public repositories.
  • Security firms warned of active risks after the leak, noting a window on March 31 between 00:21 and 03:29 UTC during which npm users could have pulled a trojanized axios, and new typosquat packages that could enable dependency‑confusion attacks, in a week that also saw a separate Anthropic internal‑file exposure reported by Fortune.
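The source‑map point above is easy to check for in your own dependencies. The following is an added example, not code from Anthropic or npm: it parses a source map and reports whether its `sourcesContent` field embeds the original files (the property that makes reconstruction possible), and walks an installed package directory for stray `.map` files. The sample map is constructed.

```python
"""Audit source maps for embedded original source (added example)."""
import json
import os
from typing import Iterator

# Constructed sample: what a bundler emits when it inlines original sources.
# A map with "sourcesContent" populated carries the full source text, so a
# public package that ships it discloses the codebase, not just file names.
SAMPLE_MAP = json.dumps({
    "version": 3,
    "file": "cli.js",
    "sources": ["src/cli.ts", "src/agent/loop.ts"],
    "sourcesContent": [
        "export function main() { return 'hi'; }\n",
        "export class Loop {}\n",
    ],
    "mappings": "AAAA",
})


def audit_source_map(text: str) -> dict:
    """Report how much original source a map would let someone reconstruct."""
    data = json.loads(text)
    sources = data.get("sources", [])
    contents = data.get("sourcesContent") or []
    # Only entries whose content is non-empty can be rebuilt verbatim.
    recoverable = [s for s, c in zip(sources, contents) if c]
    return {
        "source_count": len(sources),
        "recoverable_files": recoverable,
        "recoverable_lines": sum(c.count("\n") for c in contents if c),
        "embeds_source": bool(recoverable),
    }


def find_source_maps(root: str) -> Iterator[str]:
    """Yield every .map file under an installed package (e.g. node_modules/<pkg>)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".map"):
                yield os.path.join(dirpath, name)


if __name__ == "__main__":
    print(audit_source_map(SAMPLE_MAP))
    for path in find_source_maps("node_modules"):
        with open(path, encoding="utf-8") as fh:
            print(path, audit_source_map(fh.read()))
```

Running this over `node_modules` before a release, or as a CI gate on the package tarball, catches the class of mistake described above before it reaches the registry.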