Anthropic PBC mistakenly released the source code for its Claude Code command-line tool in a public npm package.
Claude Code allows developers to interact with Anthropic's AI models directly from the terminal, automating coding tasks without a full IDE.
The leak came from version 2.1.88 of the npm package and included more than 500,000 lines of TypeScript across nearly 2,000 files. Exposed elements include core architecture, tool integrations, and execution logic.
Anthropic said the issue stemmed from human error, not a security breach, and that it is taking steps to prevent future incidents.
Although no user data or prompts were exposed, the leak reveals key intellectual property. Once distributed, the code spread rapidly online, complicating containment efforts.
Security experts warn that access to such code could expose system vulnerabilities and aid in crafting targeted attacks. Competitors may also gain insights into Anthropic’s proprietary development processes.
This incident follows earlier leaks in which details about Anthropic's upcoming 'Claude Mythos' AI model were found in a public data cache.