Anthropic, the flagship AI company, has inadvertently exposed the source code for its major CLI tool Claude Code. It has already been extracted with mirrors published on GitHub.
Chaofan Shou announced the discovery on X.
“Claude Code source code has been leaked via a map file in their npm registry!” the user posted.
The post immediately stirred the AI community, attracting nearly 10 million views and 1.5 thousand comments.
Claude Code is a massively popular agentic AI coding assistant that runs in terminal. It can edit files and manage entire projects locally. Anthropic’s tool is closed-sourced and distributed as an obfuscated npm package.
However, Anthropic's published npm package containing Claude Code v2.1.88 allegedly exposed the source map file cli.js.map, which contained the full and unobfuscated TypeScript source code.
It appears that Anthropic scrambled to remove the npm package. However, it was too late. Multiple GitHub users already exposed copies of the project.
One of the GitHub repositories has already amassed nearly 30,000 stars and 40,200 forks.
Another one has 425 stars and 520 forks, with many developers dissecting the inner workings of the tool.
The author claims that the leaked Anthropic’s .map file’s size was 57MB, mapping 1,900 files and 512,000 lines of code.
The leaked code includes the core engine for LLM API calls, handling streaming responses, tool-call loops, thinking mode, retry logic, token counting, permission models, tools, etc. Some Hacker News users noted the extensive regex filter containing many swear words for detecting negative sentiment in users' prompts. This leak doesn’t expose the AI models themselves or user data.
Exposed internal logic makes it very easy to reverse-engineer the tool, identify security risks, or steal intellectual property. Users already noted that Claude Code is using axios as its dependency, a tool that was just hacked.
Many GitHub users now advertise their own build of Claude Code. However, they’re risking legal action.
“Just because the source is now 'available' *DOES NOT MEAN IT IS OPEN SOURCE*. You are violating a license if you copy or redistribute the source code, or use their prompts in your next project! Don’t do that,” posted full-stack developer Justin Schroeder on X.
The .map files are typically used by developers fixing programs in software. These plain text files act like a mini map of the original code, helping developers trace where the errors or problems occur. However, .map files usually don’t include the full source code.
Anthropic hasn’t yet released an official statement. Cybernews reached out to the company and will include its response.
...and Big Tech (there user tracking/profiling becomes much more valuable when there is a real name associated with it).