19 Npm Packages Compromised In Major Supply Chain Attack Ox Security Anthropic's proprietary claude code cli tool has had its full typescript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on anthropic's own cloud infrastructure. Anthropic accidentally shipped source maps in their npm package, exposing 512,000 lines of claude code source. here is what went wrong and how to prevent it in your own ci cd pipeline.
Npm Security Preventing Supply Chain Attacks Snyk On march 31, 2026, security researcher chaofan shou (@shoucccc) discovered that anthropic's claude code — their flagship agentic cli tool — had its entire source code exposed through a source map file published to the npm registry. Anthropic's claude code cli had its full typescript source exposed after a source map file was accidentally included in version 2.1.88 of its npm package. the 512,000 line codebase was archived to. Anthropic quickly pushed an update to remove the source maps and deleted prior versions from the npm registry. but the damage was done — the code had already been archived on github. No. anthropic confirmed the leak contained only source code, not api keys, customer data, or credentials. the risk comes from the downstream attacks (typosquatting, orchestration logic exposure) rather than the source code itself.
Npm Security Preventing Supply Chain Attacks Snyk Anthropic quickly pushed an update to remove the source maps and deleted prior versions from the npm registry. but the damage was done — the code had already been archived on github. No. anthropic confirmed the leak contained only source code, not api keys, customer data, or credentials. the risk comes from the downstream attacks (typosquatting, orchestration logic exposure) rather than the source code itself. Claude code source code has been exposed: 512,000 lines of typescript published due to an npm package error. discover what happened, what was found in the code and anthropic response. On the morning of march 31, 2026, security researcher chaofan shou posted a brief message to x: "claude code source code has been leaked via a map file in their npm registry.". Anthropic exposed full source code of claude code via npm package's source map file the 60mb file allowed reconstruction of 1,906 proprietary typescript source files earlier exposure in 2025 was. What we know so far: anthropic is facing renewed scrutiny from the ai and security communities after internal source code for claude code – its fast growing agentic development environment.
Npm Security Preventing Supply Chain Attacks Snyk Claude code source code has been exposed: 512,000 lines of typescript published due to an npm package error. discover what happened, what was found in the code and anthropic response. On the morning of march 31, 2026, security researcher chaofan shou posted a brief message to x: "claude code source code has been leaked via a map file in their npm registry.". Anthropic exposed full source code of claude code via npm package's source map file the 60mb file allowed reconstruction of 1,906 proprietary typescript source files earlier exposure in 2025 was. What we know so far: anthropic is facing renewed scrutiny from the ai and security communities after internal source code for claude code – its fast growing agentic development environment.
Comments are closed.