3 min read

Anthropic's Claude Code npm Package

Source map file exposes Claude's code

Anthropic's Claude Code npm Package
Photo: Image by Gerd Altmann from Pixabay

On March 31, 2026, security researcher Chaofan Shou discovered a critical security vulnerability in Anthropic's Claude Code npm package, version 2.1.88. This vulnerability exposed the entire source code of the package, including sensitive information and potential security risks.

The Cause of the Incident

Anthropic confirmed that the incident was caused by "human error" in release packaging, not a security breach. Specifically, someone forgot to exclude .map files from the npm publish, or the build system wasn't configured to strip debug artifacts from production releases.

The Scale of the Exposure

The affected package includes:

  • ~1,900 TypeScript files
  • 512,000+ lines of code
  • ~40 built-in tools
  • ~50 slash commands
  • Complete tool system (~29,000 lines)
  • Query engine (46,000 lines)
  • Multi-agent orchestration system
  • IDE bridge system (VS Code, JetBrains integration)
  • Persistent memory system

The leak reveals Claude Code is a sophisticated system with several key features:

  • Runtime: Bun (not Node.js) for faster startup and dead code elimination
  • UI: React with Ink (React for terminals) - component-based terminal UI
  • Validation: Zod v4 everywhere for schema validation
  • Tool system: Plugin-like architecture with permission gating
  • Multi-agent: Can spawn "swarm" sub-agents for parallel tasks
  • IDE integration: JWT-authenticated bidirectional communication

Why This Matters

The exposure of Claude Code's source code has significant implications for the industry:

  • Security Research Value: The exposure of Claude Code's source code makes it easier for security researchers to identify vulnerabilities and potential security risks.
  • Competitive Intelligence: The exposure of Claude Code's source code provides competitors with valuable information about its architecture and features.
  • Build Pipeline Lessons: The incident highlights the importance of proper build pipeline configuration and testing to prevent source maps from leaking into production.

If you use Claude Code:

  • Verify your installation method (npm is deprecated, use native installers)
  • Review permission modes - use 'plan' for unfamiliar repos
  • Enable sandboxing where possible
  • Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1
  • Disable Remote Control if not needed (off by default for Team/Enterprise)

If you publish npm packages:

  • Run npm pack --dry-run before every release
  • Audit what's actually in your tarball
  • Exclude .map files from production packages
  • Inspect final artifacts, not just source tree
  • Consider CI checks that fail the build if source maps are detected

This incident highlights the importance of proper build pipeline configuration and testing to prevent source maps from leaking into production. Even well-funded AI companies with security-focused reputations can make basic build pipeline errors. The lesson is to treat source maps as sensitive artifacts and implement proper CI/CD checks to prevent them leaking into production.

Sources:

  1. Chaofan Shou X Post
  2. Penligent
  3. Dev.to Community
  4. The Register
D

Dallum Brown

Writer and curator exploring the impact of technology on everyday life.

View All Articles

Subscribe to
The Brief

Our curated selection of tech news and other discoveries, delivered every month.

No spam. Unsubscribe anytime.

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to share your thoughts!

Privacy Notice

We use essential cookies for site functionality (session management, CSRF protection) and do not track you across the web. By using this site, you acknowledge our Privacy Policy and New Zealand Privacy Act 2020 compliance.

Learn More