An Anthropic employee accidentally exposed the full proprietary source code of Claude Code by including a source map (.map) file in an npm package release. Source maps bridge minified production code and original source, enabling anyone to reconstruct the full codebase including internal constants, system prompts, and logic. This is the second such incident in recent months. Security experts note that while no customer data was exposed, the leak is serious because it allows attackers to analyze the code directly for vulnerabilities without reverse engineering. Developers are advised to disable source map generation for production builds, add .map files to .npmignore, and separate debug from production builds.

5m read time | From infoworld.com