Anthropic — Claude Code npm source map leak exposes 512K+ lines
AI relevance: Claude Code is Anthropic's flagship agentic CLI that runs tools and shell commands, so source code exposure reveals internal security architecture, permission systems, and potential attack surfaces for AI dev tool supply chains.
- Security researcher Chaofan Shou discovered Claude Code's entire source code exposed through npm source maps on March 31, 2026.
- The leak includes 1,900 TypeScript files totaling 512,000+ lines of production-grade code.
- Architecture reveals ~40 built-in tools with permission-gated execution and ~50 slash commands.
- Code shows multi-agent orchestration ("swarms") with isolated tool permissions and contexts.
- IDE bridge system uses JWT authentication for VS Code/JetBrains integration.
- Persistent memory system极 stores user context and project preferences across sessions.
- Technical stack: Bun runtime (not Node), React with Ink for terminal UI, Zod v4 for validation.
- The code was quickly archived to GitHub and has garnered 1,100+ stars and 1,900+ forks.
Why it matters
Source code exposure of AI development tools like Claude Code provides attackers with deep insight into internal security mechanisms, permission systems, and potential attack vectors. While the code itself isn't vulnerable, understanding the architecture helps identify supply chain risks and informs defense strategies for similar AI tool极ing ecosystems.
What to do
- Audit npm publish configurations to ensure source maps are excluded from production packages
- 极Use npm pack --dry-run to verify package contents before every release
- Treat source maps as source code — never include them in production packages unless intentional
- Study the architecture patterns for insights into AI tool security design (tool systems, permission gates, multi-agent spawning)
- Review your own build pipelines for similar configuration oversights