What the Claude Code Leak Reveals About Build‑Pipeline Security
A security researcher uncovered a massive Claude Code source leak caused by an npm map file, leading to a public GitHub repository with over 1,900 TypeScript files, prompting analysis of the mistake, Anthropic’s response, and the broader implications for software supply‑chain security.
On a Tuesday morning, security researcher Chaofan Shou discovered a critical source‑code vulnerability in Anthropic’s Claude Code and publicly disclosed it.
The exposed snapshot was quickly uploaded to a GitHub repository that has since been forked more than 41,500 times, spreading the code widely across the AI and security communities.
The leak originated from the official Claude Code npm package, which included a source‑map file that referenced an un‑obfuscated TypeScript bundle stored in Anthropic’s Cloudflare R2 bucket. By downloading and extracting the zip archive, Shou obtained the full source.
The archive contains roughly 1,900 TypeScript files—over 512,000 lines of code—including the complete command library and built‑in tools, essentially the entire codebase.
Developers have performed reverse‑engineering on the code; an example fork can be found at https://github.com/DonutShinobu/claude-code-fork/tree/main/src. A dedicated site, CCLeaks (https://www.ccleaks.com/), aggregates hidden parts of Claude Code that were never publicly released.
The incident highlights a serious misstep by Anthropic: publishing a source‑map file in a production release. Map files are intended for debugging obfuscated code and should never be shipped, as they provide a direct reference to the original source, making it easy for attackers to reconstruct the code.
Developer Gabriel Anhaia warned that even seasoned engineers must audit their build pipelines, noting that a misconfigured .npmignore or an incorrect files field in package.json can expose everything.
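The audit those two paragraphs call for can be automated as a pre-publish gate. The script below is an added example written for this article, not Anthropic's, npm's or any named developer's code. It takes the set of files a package would ship (the same list `npm pack --dry-run` prints) and flags the three ways a source map reaches users: a packaged .map file, a `//# sourceMappingURL=` comment pointing at a local or remote map, and an inline data: URL map that embeds the sources outright. It also parses any map it finds and reports whether the map points at an external URL (a bucket or server outside the package, the pattern at issue here) or embeds the sources itself, and it checks package.json for the deny-list-only publishing that results from a missing `files` whitelist. The package contents and the example.invalid URL are constructed for the demonstration.

```javascript
// Added example: pre-publish audit for source-map exposure in an npm build output.
// Not Anthropic's or npm's own code; sample package contents below are constructed.

// Matches `//# sourceMappingURL=<target>` (older toolchains emit `//@`).
const SOURCEMAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;

// Scan every shipped file. `files` is { path: content } as it would be packed.
function findSourceMapReferences(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      findings.push({ path, kind: 'map-file', target: path });
    }
    if (!/\.[cm]?js$/.test(path)) continue;
    for (const m of content.matchAll(SOURCEMAP_COMMENT)) {
      const target = m[1];
      findings.push({
        path,
        kind: target.startsWith('data:') ? 'inline-sourcemap' : 'sourcemap-comment',
        target,
      });
    }
  }
  return findings;
}

// Parse a .map file and report where it says the original sources live.
// An absolute URL in `sourceRoot` or `sources` points outside the package;
// `sourcesContent` means the original sources are embedded in the map itself.
function describeMap(mapText) {
  let map;
  try {
    map = JSON.parse(mapText);
  } catch {
    return { valid: false, sourceCount: 0, embedsSources: false, externalRoots: [] };
  }
  const sources = Array.isArray(map.sources) ? map.sources : [];
  const root = typeof map.sourceRoot === 'string' ? map.sourceRoot : '';
  const isUrl = (s) => /^[a-z][a-z0-9+.-]*:\/\//i.test(s);
  return {
    valid: true,
    sourceCount: sources.length,
    embedsSources:
      Array.isArray(map.sourcesContent) && map.sourcesContent.some((c) => typeof c === 'string'),
    externalRoots: [root, ...sources].filter(isUrl),
  };
}

// Manifest check: without a `files` whitelist npm ships everything that
// .npmignore/.gitignore does not exclude, and a whitelist entry naming maps
// re-includes them regardless of the ignore files.
function checkManifest(pkg) {
  const problems = [];
  if (!Array.isArray(pkg.files) || pkg.files.length === 0) {
    problems.push('no "files" whitelist in package.json: publishing is deny-list only');
  } else {
    for (const entry of pkg.files) {
      if (/\.map$/.test(entry)) problems.push(`"files" entry ships source maps: ${entry}`);
    }
  }
  return problems;
}

// Combine the checks into one verdict suitable for a prepublishOnly hook.
function auditPackage(pkg, files) {
  const findings = findSourceMapReferences(files);
  const problems = checkManifest(pkg);
  const maps = {};
  for (const f of findings) {
    if (f.kind === 'map-file') maps[f.path] = describeMap(files[f.path]);
  }
  return { ok: findings.length === 0 && problems.length === 0, findings, problems, maps };
}

// Constructed sample: a bundle whose map points at an external bucket URL.
const SAMPLE_PACKAGE_JSON = { name: 'example-cli', version: '1.0.0', files: ['dist'] };
const SAMPLE_FILES = {
  'package.json': JSON.stringify(SAMPLE_PACKAGE_JSON),
  'dist/cli.js': '#!/usr/bin/env node\nconsole.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': JSON.stringify({
    version: 3,
    sources: ['https://example.invalid/bundle/src/cli.ts'], // placeholder host
    sourceRoot: '',
    mappings: 'AAAA',
  }),
  'dist/vendor.js': '(function () {})();\n',
};

const report = auditPackage(SAMPLE_PACKAGE_JSON, SAMPLE_FILES);
console.log(JSON.stringify(report, null, 2));
```

Wiring `auditPackage` into a `prepublishOnly` script and failing the publish when `ok` is false turns the manual review into a repeatable gate; the `files` whitelist check only complements the content scan, since a directory entry such as `dist` still ships every .map file inside it unless the build stops emitting them or .npmignore excludes them.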
Anthropic’s media statement acknowledged the error as a human mistake, emphasizing that no customer data or credentials were compromised and that the issue was a packaging error, not a security vulnerability. The company has asked users to remove the public repositories and has asked Microsoft to take down the infringing projects on GitHub.
Some community members have migrated the code to a Python port, hosted at https://github.com/instructkr/claude-code, while numerous forks and mirrors remain available for those wishing to explore the leaked source.
Observers have humorously remarked that Anthropic now resembles an “OpenAI” in terms of openness—whether intentional or accidental.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.