Anthropic Accidentally Leaks 512K Lines of Claude Code Source Code — And a RAT Was Hiding in npm

Anthropic had a rough morning on March 31. A packaging error in version 2.1.88 of its @anthropic-ai/claude-code npm package accidentally shipped a 59.8 MB internal JavaScript source map file — instantly exposing roughly 512,000 lines of TypeScript source code to anyone who downloaded the package. Within hours, a Solayer Labs intern broadcast the discovery on X, and the code was mirrored across GitHub and analyzed by thousands of developers. Anthropic confirmed the incident, calling it a "release packaging issue caused by human error" and stressing that no sensitive customer data or credentials were involved. Competitors like Cursor now have a literal architectural blueprint of Claude Code, the product Anthropic estimates is generating around $2.5 billion in annualized revenue.

The leak itself would have been embarrassing enough, but VentureBeat's reporting reveals a second, more alarming incident running concurrently. Between 00:21 and 03:29 UTC on March 31, a malicious version of the widely used axios library, bundled within the same package, contained a Remote Access Trojan. Any enterprise team that auto-updated Claude Code during that narrow three-hour window may have inadvertently installed malware alongside their AI tooling. This was a separate supply chain attack, not a consequence of the source map leak, but the timing meant both incidents landed simultaneously. Coming just days after Anthropic's accidental publication of the Claude Mythos blog post, the double incident underscores growing questions about release-process discipline at one of the AI industry's most closely watched companies.
