Anthropic exposes Claude Code source code due to error in April npm package

Anthropic confirmed that version 2.1.88 of the @anthropic-ai/claude-code package, released on April 1, 2026, accidentally included an approximately 60 MB source map file that allowed significant portions of the coding agent's source code to be reconstructed. The company immediately removed the affected version from the npm registry after users identified the exposure. The company attributed the incident to human error in the packaging process, ruling out any external security breach or exposure of sensitive customer data.

Scale of exposure and leaked file contents

The exposed source map file gave access to approximately 1,900 TypeScript files and more than 512 thousand lines of code relating to the structure of Claude Code, a command-line tool that uses the agentic capabilities of the Claude model to execute programming tasks autonomously. The failure occurred because ignore settings that were supposed to keep the source map internal did not work properly during final build preparation.

The included map pointed to a compressed file hosted on Anthropic storage, making it easy for anyone interested to fully download the content during the brief period in which it remained available on the npm registry, a repository widely used by developers around the world.
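A release gate for the failure described above, as an added example that is not Anthropic's code or tooling: it audits the file list that `npm pack --dry-run --json` reports before publishing and flags shipped source maps and bundles that still reference one, including a map reference that points at remote storage. The package name, the size budget and the `readText` callback are assumptions, and the sample input is constructed.

```javascript
// Added example, not Anthropic's tooling: audit the tarball contents that
// `npm pack --dry-run --json` lists, before anything reaches the registry.
const MAX_FILE_BYTES = 5 * 1024 * 1024; // assumed per-file budget; tune per package

// Trailing comment that bundlers emit to link a bundle to its source map.
const MAP_REF = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/;

// packJson: parsed output of `npm pack --dry-run --json` (array of packages).
// readText: hypothetical callback, (path) => file contents as a string, or null.
function auditPack(packJson, readText) {
  const findings = [];
  for (const pkg of packJson) {
    for (const f of pkg.files) {
      if (/\.map$/i.test(f.path)) {
        findings.push({ path: f.path, rule: 'source-map-file', detail: `${f.size} bytes` });
      } else if (f.size > MAX_FILE_BYTES) {
        findings.push({ path: f.path, rule: 'oversized-file', detail: `${f.size} bytes` });
      }
      if (/\.(c|m)?js$/i.test(f.path)) {
        const m = MAP_REF.exec(readText(f.path) || '');
        if (m) {
          const rule = m[1].startsWith('data:') ? 'inline-source-map'
            : /^https?:/i.test(m[1]) ? 'remote-source-map-ref' : 'source-map-ref';
          findings.push({ path: f.path, rule, detail: m[1].slice(0, 60) });
        }
      }
    }
  }
  return findings; // empty list means the tarball passed the gate
}

// Constructed sample for a hypothetical package "example-cli" (not real pack output).
const samplePack = [{ name: 'example-cli', version: '0.0.0', files: [
  { path: 'package.json', size: 612 },
  { path: 'cli.js', size: 1843221 },
  { path: 'cli.js.map', size: 61002240 },
  { path: 'vendor/helper.mjs', size: 2048 },
] }];
const sampleText = {
  'cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'vendor/helper.mjs': 'export const x = 1;\n',
};
const sampleFindings = auditPack(samplePack, (p) => sampleText[p] ?? null);
for (const f of sampleFindings) console.log(`${f.rule}\t${f.path}\t${f.detail}`);
```

In CI, feed it the parsed output of `npm pack --dry-run --json` and fail the job when the returned list is non-empty.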

  • Package version 2.1.88 was removed from npm shortly after the issue was identified.
  • Copies of the leaked code were quickly archived in public repositories on GitHub.
  • Researchers began examining the material for insights into the agent’s architecture.

Anthropic's response and preventive measures implemented

The company issued an official statement confirming that the episode resulted exclusively from human error and reinforced that no sensitive customer data or credentials were exposed. Additional preventive measures are being implemented to avoid similar incidents in future software releases. Claude Code remains operational for users, with no outages related to the incident.

Specialists in supply chain security note that leaks of this type, even without exposure of AI models or customer data, can provide visibility into a company’s internal tools and workflows. Anthropic stated that it is working to strengthen review processes before new releases are published.

Technical analysis of the available code

Developers who reviewed the exposed code identified references to internal tools, interaction patterns between components, and agent-specific configurations. The volume of lines of code suggests a complex foundation that integrates the language model with task execution, automatic review and workflow management capabilities. Part of the content reveals approaches used to control agent behavior in practical coding scenarios.

The material allows researchers to examine agent orchestration mechanisms, tool management, and strategies for containing unwanted behaviors. Although the core language model has not been exposed, the architecture around it offers clues about how Anthropic structures complex interactions between AI and external systems.

Context of recent incidents and impact on the ecosystem

This is the second episode reported in a short period of time involving accidental exposure of internal information from Anthropic. Last week, draft content files became publicly accessible through management tool settings. The company treated both cases as isolated operational failures, unrelated to external attacks or misuse of its own AI tools.

The incident comes at a time of accelerated growth for AI-assisted development tools. Claude Code, launched in February 2025, gained traction by adding agentic features that allow the model to perform actions on behalf of the user with different levels of autonomy. Developer communities are closely following developments in the case, especially as npm represents a central part of the modern software supply chain. The leak could accelerate discussions about security practices in AI product releases, particularly those involving agentic components with the potential for autonomous action.
