SECURITY
SECURITY
SECURITY
Anthropic accidentally exposes Claude Code source code in npm packaging error
Anthropic PBC has accidently exposed the source code for its Claude Code command-line interface tool through a packaging error that led to the inclusion of sensitive files in a publicly distributed node package manager or npm release.
Claude Code is Anthropic’s command-line tool that lets developers interact with its Claude artificial intelligence models directly from the terminal to write, edit and debug code. It’s essentially an AI coding agent wrapped in a command-line interface that is designed to run tasks, manipulate files and automate development workflows without needing a full integrated development environment interface.
The exposure occurred following the inclusion of a source map file in version 2.1.88 of Claude Code npm package. The leak consisted of more than 500,000 lines of TypeScript code across nearly 2,000 files, with the exposed material including core components of the Claude Code system, such as its agent architecture, tool integrations and execution logic.
Anthropic has acknowledged the incident, saying in a statement reported today by CNBC that “this was a release packaging issue caused by human error, not a security breach” and that it’s “rolling out measures to prevent this from happening again.”
The problem when source code like this is leaked is that you can’t put the proverbial rabbit back into the hat — that is, removal of the original source does not prevent continued distribution once copies have propagated. In this case, the code was quickly mirrored externally, making it difficult to contain fully.
Though there is no indication that user data, prompts or customer information were exposed in the incident and Anthropic has also confirmed this, the impact of the leak comes down to intellectual property exposure and the potential for deeper analysis of internal system design.
Access to the source code can provide insight into how AI agents manage tool usage, permissions and workflows. Such visibility can also assist in identifying weaknesses or crafting more targeted exploits against similar systems.
The incident also raises competitive considerations, as proprietary implementation details can and will give Anthropic’s rivals a clearer understanding of how its coding tools are structured. Though the models themselves remain closed, the surrounding orchestration layer represents a significant portion of product differentiation.
The news that Anthropic has accidentally leaked Claude Code CLI source code comes after the details of the company’s upcoming AI model called Claude Mythos and other documents were recently discovered in a publicly accessible data cache.
Image: SiliconANGLE/Ideogram
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
