Anthropic Accidentally Published Claude Code's Source
Someone at Anthropic forgot a single file - .npmignore - and accidentally shipped 512,000 lines of TypeScript source code to the public npm registry.

How It Happened
The culprit was a missing .npmignore file. npm decides what goes into a published tarball from the package.json "files" allowlist if one exists; failing that, from .npmignore; and failing that, from .gitignore. With no allowlist and no .npmignore, the publish step included everything the build had left on disk - not just the compiled output, but the full source tree and the source map that pointed back into it.
We’re talking about roughly 1,900 files and a 59.8 MB source map. That’s not a snippet. That’s the whole kitchen.
The person who found it wasn’t a seasoned security researcher. It was Chaofan Shou, an intern, at 4:23 AM ET. He posted about it, the internet noticed, and within two hours claude-code hit 50,000 GitHub stars.
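The mechanism above is a process gap, not a clever attack, so the fix is also mundane. A "files" allowlist in package.json is the first line of defense; the second is to look at the tarball's file list before it leaves the machine, which `npm pack --dry-run --json` produces without publishing anything. The following is an added example of such a pre-publish guard, written for this page and not Anthropic's or the claude-code project's own code. The policy values, the script name audit-pack.js, and the sample pack output (constructed, not a real capture) are all assumptions for illustration.

```javascript
// Added example, not Anthropic's code: a pre-publish guard that audits what
// `npm pack --dry-run --json` says will go into the tarball.
// Policy values and file names are assumptions for illustration.
const DEFAULT_POLICY = {
  // Only these exact files, or anything under these directories, may ship.
  allowedPrefixes: ['dist/', 'package.json', 'README.md', 'LICENSE'],
  // These must never ship, even when they sit under an allowed directory.
  forbiddenPatterns: [/\.map$/i, /^src\//, /^\.env/, /\.(pem|key)$/i, /^\.git/],
};

// Flatten the `npm pack --json` structure (an array with one entry per packed
// package, each carrying a `files` list of {path, size, mode}) into records.
function parsePackJson(text) {
  const parsed = JSON.parse(text);
  const entries = Array.isArray(parsed) ? parsed : [parsed];
  return entries.flatMap((entry) =>
    (entry.files || []).map((f) => ({ path: f.path, size: f.size || 0 })));
}

// Returns every file that violates the policy plus a size summary, so the
// caller can fail the publish instead of discovering the leak on the registry.
function auditPackContents(files, policy = DEFAULT_POLICY) {
  const violations = [];
  let shippedBytes = 0;
  for (const file of files) {
    shippedBytes += file.size;
    const forbidden = policy.forbiddenPatterns.find((re) => re.test(file.path));
    if (forbidden) {
      violations.push({ path: file.path, reason: `matches forbidden pattern ${forbidden}` });
      continue;
    }
    const allowed = policy.allowedPrefixes.some((p) =>
      file.path === p || (p.endsWith('/') && file.path.startsWith(p)));
    if (!allowed) {
      violations.push({ path: file.path, reason: 'outside the files allowlist' });
    }
  }
  return { ok: violations.length === 0, violations, fileCount: files.length, shippedBytes };
}

// Constructed sample of `npm pack --dry-run --json` output (not a real capture):
// a build that wrote a large source map and left the source tree next to dist/.
const SAMPLE_PACK_JSON = JSON.stringify([{
  name: 'example-cli', version: '1.0.0',
  files: [
    { path: 'package.json', size: 612, mode: 420 },
    { path: 'README.md', size: 2048, mode: 420 },
    { path: 'dist/cli.js', size: 4100000, mode: 493 },
    { path: 'dist/cli.js.map', size: 59800000, mode: 420 },
    { path: 'src/index.ts', size: 3400, mode: 420 },
    { path: 'src/commands/run.ts', size: 1200, mode: 420 },
    { path: '.env', size: 80, mode: 420 },
  ],
}]);

// Human-readable report: one BLOCK line per violation, then a summary line.
function formatReport(result) {
  const lines = result.violations.map((v) => `BLOCK ${v.path}: ${v.reason}`);
  lines.push(`${result.fileCount} files, ${result.shippedBytes} bytes, ` +
    (result.ok ? 'ok to publish' : `${result.violations.length} violation(s)`));
  return lines.join('\n');
}

// Usage: `npm pack --dry-run --json > pack.json && node audit-pack.js pack.json`
// (for example from a prepublishOnly script). Without an argument the
// constructed sample is audited, so the script also runs stand-alone.
if (typeof require !== 'undefined' && require.main === module) {
  const capture = process.argv[2];
  const text = capture ? require('fs').readFileSync(capture, 'utf8') : SAMPLE_PACK_JSON;
  const result = auditPackContents(parsePackJson(text));
  console.log(formatReport(result));
  if (capture && !result.ok) process.exitCode = 1;
}
```

Run against the constructed sample, the guard blocks the source map, both files under src/, and the .env file, and reports the roughly 64 MB the tarball would have carried. The allowlist is deliberately an allowlist rather than an ignore list: an ignore list fails open for any artifact nobody thought to name, which is exactly how a build-time source map ends up on a public registry.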
What Was Inside
The source code gave a rare look inside a production AI developer tool. TypeScript, internal tooling, the architecture behind one of the most-hyped CLI tools in the AI space right now.
Was it dangerous? Anthropic moved quickly to confirm that no customer data was included in the leak. No API keys, no personal information, no conversation logs. Just the code itself. That limits the immediate damage, but "no secrets" is not the same as "no risk": source code gives anyone looking for bugs a map of the tool's internal endpoints, permission checks and prompt handling that they would otherwise have to reverse-engineer.
Still - unintentional source disclosure is never a good look. Especially for a company building tools that developers are supposed to trust with their codebases.
What Came After
The GitHub star spike was the fun part. What followed was less fun.
Typosquatting attacks showed up almost immediately. Bad actors registered similarly-named npm packages hoping developers would accidentally install them instead of the real thing. This is a well-worn playbook - a high-profile package gets attention, and opportunists try to ride the wave. The defensive habit is equally well-worn: confirm the exact package name and publisher with `npm view <name>` before the first install, install from a lockfile rather than from a name typed off a headline, and treat a name that differs from the real one by a scope or a transposed letter as hostile until proven otherwise.
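The "similarly-named package" check can be automated against a lockfile. Below is an added example, written for this page and not code from any of the projects it mentions, that reads the `packages` map of a lockfileVersion 2 or 3 package-lock.json and flags dependencies that collide with a watched name either by scope confusion (same name under a different or missing scope) or by small edit distance. It assumes `@anthropic-ai/claude-code` as the genuine package name to watch; the lookalike names in the sample lockfile are constructed for the demonstration and are not claims about packages that actually exist on npm.

```javascript
// Added example, not Anthropic's code: flag lockfile dependencies that look
// like a watched package. The watched name is an assumption; the sample
// lockfile and its lookalike names are constructed for illustration.
const WATCHED = ['@anthropic-ai/claude-code'];

// Classic Levenshtein distance with two rolling rows.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Split "@scope/name" into its parts; unscoped names get scope null.
function splitName(name) {
  const m = /^(@[^/]+)\/(.+)$/.exec(name);
  return m ? { scope: m[1], base: m[2] } : { scope: null, base: name };
}

// Every installed package name in a lockfileVersion 2/3 `packages` map.
// Keys look like "node_modules/a" or "node_modules/a/node_modules/@s/b";
// the empty key is the root project and is skipped.
function lockfileDependencyNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf('node_modules/');
    if (idx === -1) continue;
    names.add(key.slice(idx + 'node_modules/'.length));
  }
  return [...names];
}

// Exact matches are fine. Same base name under another scope, or a full name
// within maxDistance edits of a watched name, is reported with the reason.
function findLookalikes(depNames, watched = WATCHED, maxDistance = 2) {
  const findings = [];
  for (const dep of depNames) {
    if (watched.includes(dep)) continue;
    const d = splitName(dep);
    for (const target of watched) {
      const t = splitName(target);
      if (d.base === t.base && d.scope !== t.scope) {
        findings.push({ package: dep, lookalikeOf: target,
          reason: 'same name under a different scope' });
        break;
      }
      const dist = levenshtein(dep, target);
      if (dist <= maxDistance) {
        findings.push({ package: dep, lookalikeOf: target,
          reason: `edit distance ${dist}` });
        break;
      }
    }
  }
  return findings;
}

// Constructed lockfile fragment (not a real project): one genuine install
// alongside three lookalikes and two unrelated packages, one of them nested.
const SAMPLE_LOCKFILE = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@anthropic-ai/claude-code': { version: '1.0.0' },
    'node_modules/@anthropic/claude-code': { version: '1.0.0' },
    'node_modules/claude-code': { version: '0.0.1' },
    'node_modules/@anthropic-ai/cluade-code': { version: '1.0.0' },
    'node_modules/chalk': { version: '5.3.0' },
    'node_modules/chalk/node_modules/supports-color': { version: '9.4.0' },
  },
};

// Stand-alone run: prints each finding as "package -> lookalikeOf (reason)".
for (const f of findLookalikes(lockfileDependencyNames(SAMPLE_LOCKFILE))) {
  console.log(`${f.package} -> ${f.lookalikeOf} (${f.reason})`);
}
```

On the sample it reports `@anthropic/claude-code` and `claude-code` as scope confusion and `@anthropic-ai/cluade-code` at edit distance 2, and leaves the genuine package, chalk and the nested supports-color alone. Pointing it at a real package-lock.json is a matter of `JSON.parse`-ing the file and passing the result to `lockfileDependencyNames`; the distance threshold is deliberately small so that it catches typos without drowning the output in coincidental near-misses.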
It’s also worth knowing this was the second leak in a week for Anthropic. The Mythos internal system had also been exposed shortly before. Two accidental disclosures in rapid succession raise questions about publishing workflows and review processes.
What This Tells Us
The fact that claude-code is written in TypeScript isn’t a surprise - lots of CLI tooling is. But seeing the scale of it (~1,900 files) gives you a sense of how much engineering sits behind what looks like a simple terminal interface.
The more interesting story here isn’t the code itself. It’s the speed at which the community reacted - 50K stars in two hours is remarkable - and how quickly the security community identified the downstream risks.
A missing .npmignore is a mundane mistake. The consequences weren’t.
My Take
This is a good reminder that security hygiene in publishing pipelines matters as much as security in the product itself. Anthropic builds tools that handle sensitive developer workflows. The accidental disclosure of source code - twice in a week - is the kind of thing that erodes trust quietly, even if no actual harm was done.
The typosquatting response was predictable and fast. That part the security community handled well. But Anthropic needs better guardrails on what gets shipped to public registries, and the guardrails are not exotic: a "files" allowlist in package.json, a dry-run of the tarball in CI that fails on source maps or source directories, and a check of the file list by something other than the person hitting publish.
Sources
- VentureBeat - “Anthropic accidentally leaks Claude Code source code on npm” (31.03.2026)
- Fortune - “An intern found Anthropic’s leaked code at 4 AM” (31.03.2026)
- The Hacker News - “Claude Code npm package exposes 512K lines of TypeScript source” (01.04.2026)
- Layer5 - “Analysis of the Claude Code npm leak” (01.04.2026)
- Gizmodo - “Anthropic’s Claude Code source code was briefly public” (31.03.2026)
- DEV.to - “What the Claude Code leak actually contained” (01.04.2026)