Anthropic's Claude Code Source Leaks via npm, Revealing Profanity Logging and Sparking Instant Open-Source Forks

A source-map file left in Anthropic's npm registry exposed the entire Claude Code codebase. Within hours, the community had forked it, ported it to Python and Rust, and discovered that the tool silently logs profanity from user prompts to an internal database.

Anthropic's Claude Code — the company's flagship agentic coding tool — had its full source code exposed to the public through a source-map file accidentally published to the npm registry, as first reported by @Fried_rice. The leak, which went viral across developer communities on Tuesday, represents one of the most consequential accidental disclosures in recent AI tooling history, arriving at a particularly awkward moment for a company that has carefully guarded its intellectual property while positioning itself as the safety-first AI lab.

The exposure was discovered by a security researcher who noticed the .map file bundled with Claude Code's npm package, providing a full reconstruction path back to the original TypeScript source. @YahooFinance confirmed that the leak came through a standard source-map file — an artifact typically stripped before production deployment. The oversight is elementary by security standards, the kind of mistake that would fail a junior engineer's code review.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae.

Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Proin pharetra nonummy pede. Mauris et orci. Aenean nec lorem. In porttitor. Donec laoreet nonummy augue. Suspendisse dui purus, scelerisque at, vulputate vitae, pretium mattis, nunc. Mauris eget neque at sem venenatis eleifend. Ut nonummy. Fusce aliquet pede non pede. Suspendisse dapibus lorem pellentesque magna integer malesuada.

Curabitur sed tortor. Integer aliquam adipiscing lacus. Ut nec urna et arcu imperdiet ullamcorper. Duis at lacus. Quisque purus sapien, gravida non, sollicitudin a, malesuada id, erat. Etiam vestibulum massa rutrum magna. Cras convallis convallis dolor. Quisque tincidunt pede ac urna nunc lectus fermentum diam, at placerat a purus rutrum et vulputate risus nisl sit amet nunc.

Maecenas lorem. Pellentesque pretium lectus id turpis. Etiam sapien elit, consequat eget, tristique non, venenatis quis, ante. Fusce wisi. Phasellus faucibus molestie nisl. Fusce eget urna. Curabitur vitae diam non enim vestibulum interdum nulla id dolor aliquet vulputate. Donec vitae sapien ut libero venenatis faucibus nullam quis ante etiam sit amet orci eget eros faucibus tincidunt.

Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum aenean imperdiet etiam ultricies nisi vel augue curabitur ullamcorper ultricies nisi nam eget dui.

Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt cras dapibus vivamus elementum semper nisi. Aenean vulputate eleifend tellus aenean leo ligula porttitor eu consequat vitae eleifend ac enim aliquam lorem ante dapibus in viverra quis.

Get our free daily newsletter

Get this article free — plus the lead story every day — delivered to your inbox.

Want every article and the full archive? Upgrade anytime.

No spam. Unsubscribe anytime.