Anthropic, the firm behind Claude Code, has accidentally included an unobfuscated TypeScript source in the AI coding tool's npm package, exposing over 500,000 lines of code, built-in tools, and full slash command libraries, reports The Register.According to Chaofan Shou, a researcher who discovered the leak, the map file contained a reference to a Cloudflare R2 storage bucket-hosted zip archive. Antrophic confirmed the exposure, clarifying that it was due to human error and not a security breach. Preventive measures are reportedly being implemented."A single misconfigured .npmignore or files field in package.json can expose everything," wrote software engineer Gabriel Anhaia in his analysis of the leak. The exposed source code has been uploaded to a GitHub repository and has been forked at least 41,500 times. The original uploader on GitHub modified his repository to show a Python feature version instead of the publicly leaked source due to potential legal responsibility concerns.
AI/ML
Claude Code source code inadvertently leaked

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



