How a Tiny .map File Earned Anthropic 11K Stars and Exposed Critical Engineering Mistakes
Anthropic's Claude Code was unintentionally open‑sourced when a 57 MB source‑map file leaked 510 k lines of TypeScript, revealing internal architecture, experimental features, and product road‑maps, and prompting a broader lesson on basic configuration errors and AI tool security for Java developers.
Incident Overview
On 31 March 2026 Anthropic published the npm package @anthropic-ai/claude-code version v2.1.88. The production bundle unintentionally contained a 57 MB cli.js.map source‑map file. The map stores the original TypeScript source (≈512 000 lines) and file paths, allowing the full codebase to be reconstructed with a short script.
Within an hour the backup GitHub repository holding the leaked code had received 11 300 stars and 17 300 forks, indicating rapid community archiving.
Technical Details of the Leak
The source‑map is a standard JSON document with two parallel arrays, sources and sourcesContent; the second is optional in the format, but most bundlers embed the original source text in it by default. A script of fewer than ten lines can iterate over these arrays and write each entry to its original file path, reproducing the entire codebase without de‑obfuscation.

const fs = require('fs');
const path = require('path');
// Node will not require() a .map file; parse the JSON explicitly.
const map = JSON.parse(fs.readFileSync('./cli.js.map', 'utf8'));
map.sourcesContent.forEach((content, i) => {
  if (content == null) return;                       // entry without embedded source
  const out = path.join('restored', map.sources[i]); // keep output under one directory
  fs.mkdirSync(path.dirname(out), { recursive: true });
  fs.writeFileSync(out, content);
});

What the Source Revealed
Architecture: The CLI is built with React + Ink, providing a REPL loop that accepts natural‑language input and slash commands, and communicates with the Claude model API.
Core Business Logic: Over 40 permission‑control utilities, 46 000 lines of query‑engine code, multi‑agent coordination, an IDE bridge, persistent memory mechanisms, and the system prompt and tool‑call logic.
Experimental Features: Unreleased components such as the terminal pet “BUDDY”, the persistent AI assistant “KAIROS”, the cloud‑deep‑planning module “Ultraplans”, 26 hidden slash commands, and employee‑only feature toggles.
Product Road‑Map: Code comments mark a feature‑preview window from 1 April to 7 April 2026, with a planned public release in May 2026, exposing roughly six months of product planning.
Historical Context
A similar source‑map misconfiguration occurred when Claude Code first launched on npm in February 2025, prompting an emergency fix. Five days before the March 31 incident, on 26 March 2026, Anthropic also leaked about 3 000 internal, unpublished assets (including draft information about the Mythos model) due to a CMS configuration error.
Security Implications for AI‑Assisted Development
Security researchers have previously demonstrated that malicious npm packages can inject backdoors into Claude Code, and that dangerous command‑line flags can cause the tool to scan and upload SSH keys, API tokens, and environment variables. The leaked source exposes Claude Code’s permission‑control logic and command‑execution mechanisms, effectively providing a detailed “attack manual” for adversaries.
Relevance to Java Developers
The incident mirrors classic Java‑centric configuration oversights, such as:
Including application.yml with database passwords or API keys in a production JAR.
Leaving debug mode enabled in production, exposing full stack traces.
Deploying test‑environment configuration to production, causing unintended data writes.
Logging sensitive user information or authentication tokens.
Anthropic’s failure to disable source‑map generation and to exclude the file via .npmignore illustrates how a single low‑level misconfiguration can compromise an entire codebase, regardless of the engineering talent behind the product.
MeowKitty Programming
Focused on sharing Java backend development, practical techniques, architecture design, and AI technology applications. Provides easy-to-understand tutorials, solid code snippets, project experience, and tool recommendations to help programmers learn efficiently, implement quickly, and grow continuously.