Around 4 o’clock, X blogger @Fried_rice posted:
“The source code of Claude Code was leaked through the map files in their npm repository!”
In the official @anthropic-ai/claude-code npm package released by Anthropic, the .map source map files used for debugging were mistakenly included.
These source maps contain the complete TypeScript source code paths and content, which should only exist in development or debugging environments,but were packaged into the production build.
Using the .map files, someone successfully fully restored the source code from the compressed output.
Someone packaged and organized the extracted complete source code anduploaded it to the GitHub platform for “research and security analysis” purposes.
For example, the following GitHub project that just went open source:
Open Source Address: https://github.com/instructkr/claude-code