Overview
- Version 2.1.88 of Claude Code’s npm package, published Tuesday, shipped with a 60MB source map that mapped the minified bundle back to its unobfuscated TypeScript, letting anyone recover roughly 1,900 source files totaling more than 512,000 lines.
- Developers quickly mirrored the extracted repository on GitHub, after which Anthropic pushed an update that removed the map file and deleted earlier package versions from the registry.
- Anthropic told The Register the incident was a human packaging mistake and said no customer data or credentials were exposed, and reporting found no model weights or user conversations in the files.
- The recovered code reveals core internals such as a large QueryEngine, multi‑agent orchestration, a persistent memory system, IDE bridging, dozens of tools and feature flags, and internal model codenames.
- Crypto Briefing reported that malicious axios packages were distributed on npm the same day, so experts advise users who installed Claude Code via npm to inspect their lockfiles for the axios versions they actually pulled in, rotate any credentials that may have been exposed, and prefer the standalone installer until the dependency chain has been verified.