Anthropic Accidentally Leaks Claude Code Source Code via npm Packaging Error

Anthropic accidentally exposed approximately 512,000 lines of Claude Code source code via a misconfigured npm package on March 31. A trojanized version of an HTTP client was bundled in the affected package for a three-hour window, posing a genuine supply chain risk to developers who updated during that period.

Anthropic confirmed on March 31, 2026 that it accidentally exposed the source code of Claude Code, its AI coding command-line tool, via a misconfigured npm package deployment. A packaging defect caused source maps to be shipped in the public npm release of Claude Code version 2.1.88; because those maps embedded the original sources, approximately 512,000 lines of TypeScript were recoverable by anyone who downloaded the package. The root cause was a known defect in the Bun JavaScript runtime that let the source maps bypass the package's .npmignore exclusion rules, exposing the internal code architecture.
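The failure mode above is a publish-time check that any npm maintainer can run against the tarball they are about to ship, or against one already on the registry. The script below is an added example written for this article, not Anthropic's tooling or anything from the Claude Code project: it unpacks an npm tarball and flags every `.map` file that carries a `sourcesContent` key, which is the field that embeds the original TypeScript rather than just line mappings. It assumes a POSIX shell with `tar`, `gzip`, `find` and `grep`; the package name `demo-cli`, the file paths and the tarball contents are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example (not Anthropic's code): detect source maps that embed
# original sources inside an npm tarball. Assumes POSIX sh, tar, gzip,
# find and grep.

# scan_npm_tarball TARBALL
# Unpacks the tarball into a scratch directory and looks for *.map files
# whose JSON contains "sourcesContent". Prints offending paths.
# Returns 0 when no map embeds sources, 1 when at least one does,
# 2 when the tarball cannot be unpacked.
scan_npm_tarball() {
    tarball="$1"
    tmp="$(mktemp -d)"
    tar -xzf "$tarball" -C "$tmp" 2>/dev/null || { rm -rf "$tmp"; return 2; }
    # grep -l returns non-zero when nothing matches; that is the clean case,
    # so swallow the status and judge on the captured file list instead.
    leaked_files="$(find "$tmp" -type f -name '*.map' \
        -exec grep -l '"sourcesContent"' {} + 2>/dev/null)" || true
    rm -rf "$tmp"
    if [ -n "$leaked_files" ]; then
        echo "$leaked_files" | sed "s#^$tmp/#LEAK: #; s#\$# embeds original sources#"
        return 1
    fi
    echo "ok: no source map in $tarball embeds original sources"
    return 0
}

# make_sample_tarball DIR OUT.tgz EMBED
# Builds a constructed demo package (name demo-cli, not a real package).
# EMBED=yes writes a map with "sourcesContent" (the leak shape);
# EMBED=no writes a mappings-only map, which is safe to publish.
make_sample_tarball() {
    dir="$1"; out="$2"; embed="$3"
    mkdir -p "$dir/package/dist"
    printf '{"name":"demo-cli","version":"1.0.0","bin":"dist/cli.js"}\n' \
        > "$dir/package/package.json"
    printf 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n' \
        > "$dir/package/dist/cli.js"
    if [ "$embed" = yes ]; then
        printf '{"version":3,"sources":["../src/cli.ts"],"mappings":"AAAA","sourcesContent":["// internal TypeScript\\nconsole.log(\\"hi\\");\\n"]}\n' \
            > "$dir/package/dist/cli.js.map"
    else
        printf '{"version":3,"sources":["../src/cli.ts"],"mappings":"AAAA"}\n' \
            > "$dir/package/dist/cli.js.map"
    fi
    # npm tarballs place everything under a top-level package/ directory.
    tar -czf "$out" -C "$dir" package
}

# Demo run on two constructed tarballs; guarded so the script itself exits 0.
work="$(mktemp -d)"
make_sample_tarball "$work/leaky" "$work/leaky.tgz" yes
make_sample_tarball "$work/clean" "$work/clean.tgz" no
scan_npm_tarball "$work/leaky.tgz" || echo "leaky.tgz: would have shipped internal source"
scan_npm_tarball "$work/clean.tgz" || echo "clean.tgz: unexpected result"
rm -rf "$work"
```

Two practical notes. First, run this against the output of `npm pack` (or inspect `npm pack --dry-run`, which lists the files that would be published) in CI before `npm publish`, because the check looks at the artifact rather than the bundler's ignore logic, so a bundler bug like the Bun defect the article cites is caught regardless of whether `.npmignore` was honoured. Second, a `"files"` allowlist in `package.json` is a safer default than a `.npmignore` denylist: anything not listed simply never enters the tarball.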

The disclosure was Anthropic's second security incident in less than a week, following a March 26 report that internal details about an unreleased AI model had been left exposed in an unsecured database. More critically, security researchers identified that a trojanized version of an HTTP client was bundled within the affected Claude Code npm package for approximately three hours, containing cross-platform remote access trojan (RAT) code. Developers who updated Claude Code between roughly 00:21 and 03:29 UTC on March 31 may have been exposed to the malicious package variant. The incident was followed by dependency confusion attacks in which attackers registered lookalike (typosquatted) versions of internal package names, the kind of names a source leak makes visible.

Anthropic disputed the characterization of a "security breach," calling it "a release packaging issue caused by human error" with no customer credentials or data involved. However, the incident arrives at a sensitive moment: the company is reportedly pursuing an IPO as early as Q4 2026 targeting a 0 billion-plus raise, making enterprise trust a commercial priority. The supply chain attack vector has broader implications for the AI developer tools market, raising scrutiny on competitors including MSFT (GitHub Copilot) and GOOGL (Gemini Code Assist) to audit their own npm and package distribution pipelines.
