Claude Code Leaked 512,000 Lines of Source. Here’s What the Community Found Inside.

2026-04-02 · Source: Artificial Intelligence on Medium · Field: Technology & Digital — Software Development & Engineering, Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

On March 31, 2026, a routine v2.1.88 release of Claude Code inadvertently exposed 512,000 lines of its source code. An engineer omitted `*.map` from the `.npmignore` file, causing a 59.8 MB `cli.js.map` file to be included in the npm package. This map file contained a direct link to a complete source code zip stored on Anthropic's R2 storage, making the entire codebase publicly accessible. Boris Cherny, Claude Code's engineering lead, confirmed it was a developer error, emphasizing that such incidents are systemic failures related to process, culture, or infrastructure, rather than individual fault, specifically citing a manual deploy step that lacked automation.

Key takeaway

For engineering leaders overseeing software releases, this incident underscores the critical need for robust automation in deployment processes. Your teams should audit `.npmignore` or similar configuration files to ensure all sensitive or unnecessary files are explicitly excluded. Prioritize automating manual steps to minimize human error and prevent unintended source code exposure, thereby safeguarding intellectual property and maintaining release integrity.

Key insights

A single `.npmignore` oversight exposed 512,000 lines of Claude Code's source, highlighting automation gaps.

Principles

• Systemic failures, not individual errors, cause security incidents.
• Automate manual deployment steps to prevent human error.

In practice

• Review `.npmignore` files for comprehensive exclusion rules.
• Implement automated deployment pipelines.

Topics

• Claude Code
• Source Code Leak
• npmignore
• Developer Error
• Anthropic R2

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Tech Journalist, Software Engineer, DevOps Engineer

Related on AIssential

• Anthropic Accidentally Leaked 512,000 Lines of Claude Code — Accidental source code leaks can rapidly spread and become irreversible, even with internal preventative measures.
• Inside the leaked Claude Code files — Accidental code leaks can reveal sensitive AI architecture and unreleased features, prompting rapid community response and copyright challenges.
• Claude’s code: Anthropic leaks source code for AI software engineering tool — Human error led to a significant source code leak for Anthropic's Claude Code, raising security and competitive concerns.
• I Read Every Line of Anthropic’s Leaked Source Code So You Don’t Have To. — A configuration oversight led to the public exposure of Anthropic's proprietary Claude Code codebase.
• v2.1.112 — Recent Claude Code CLI updates enhance security, performance, and user experience through new features and bug fixes.
• Claude Code's source code appears to have leaked: here's what we know — Anthropic's Claude Code leak reveals a sophisticated agentic AI architecture, including a three-layer memory system and autonomous background processing.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence on Medium.