Overview
- The @anthropic-ai/claude-code package, which shipped Tuesday as version 2.1.88, included a JavaScript source‑map file that let anyone rebuild the TypeScript source into roughly 1,900 files with more than 512,000 lines of code, first flagged publicly by security researcher Chaofan Shou.
- Anthropic said a human release-packaging mistake caused the exposure and not a hack, and the company removed the faulty version and said no customer data or model weights were included.
- Analysis of the reconstructed code shows detailed internals such as a three‑layer self‑healing memory system, a background agent mode called KAIROS with an autoDream process, and an Undercover Mode for discrete open‑source contributions.
- Security researchers warned the leak heightens real‑world risk because a trojanized axios dependency overlapped the install window and new typosquat npm packages have appeared, so users are urged to avoid the affected release, downgrade or use the native installer, audit dependencies, and rotate keys.
- The code was quickly mirrored on GitHub and widely shared on social media, and the incident follows last week’s exposure of internal drafts referencing a model dubbed Mythos or Capybara, renewing scrutiny of Anthropic’s release controls.