04-01-2026, 04:16 PM
(Edited 04-01-2026, 04:28 PM by AckLine.)
The developers of Anthropic accidentally released the entire source code of their CLI tool Claude Code to the public. This leak was caused by a forgotten source map file in the npm package
On March 31, 2026, Anthropic released the Claude Code update version 2.1.88 via npm However, the package mistakenly included a 60 MB cli.js.map file source map, which contained the complete sources of the application
The source map is a debug file that links compiled JavaScript to the original code If it has a sourcesContent field, you can restore all source files completely from it
The first to draw attention to the problem was information security researcher Chaofan Shou, who published a link to an archive with files on the social network X. Soon the source code was published on GitHub, and by now the repository has been forked tens of thousands of times
![[Image: IMG-3106.jpg]](https://external-content.duckduckgo.com/iu/?u=https://i.ibb.co/qFs1KTT6/IMG-3106.jpg)
https://gitverse.ru/anarchic/claude-code
On March 31, 2026, Anthropic released the Claude Code update version 2.1.88 via npm However, the package mistakenly included a 60 MB cli.js.map file source map, which contained the complete sources of the application
The source map is a debug file that links compiled JavaScript to the original code If it has a sourcesContent field, you can restore all source files completely from it
The first to draw attention to the problem was information security researcher Chaofan Shou, who published a link to an archive with files on the social network X. Soon the source code was published on GitHub, and by now the repository has been forked tens of thousands of times
https://gitverse.ru/anarchic/claude-code