Particle.news

Anthropic Pulls Claude Code npm Release After Source Map Exposes Full Client Source

A stray debug file shows how one packaging slip can spill a closed codebase and trigger lasting supply‑chain risk.

Overview

  • Claude Code’s npm package, version 2.1.88, shipped Tuesday with a 60MB source map that let researchers reconstruct about 1,900 TypeScript files totaling roughly 512,000 lines.
  • Anthropic said the exposure was a human packaging error, confirmed no customer data or credentials were leaked, removed the affected versions, and said it is adding safeguards.
  • Copies spread across GitHub within hours despite takedowns, and developers launched clean‑room rewrites such as a Python port, making the implementation details effectively permanent.
  • Analyses of the recovered files describe a production agent with multi‑agent orchestration, a three‑layer memory system, an always‑on “KAIROS” mode with idle “autoDream,” an “Undercover Mode” for public commits, and internal model codenames like Capybara, Fennec, and Numbat.
  • Security teams warned that the timing overlapped with reports of malicious axios packages on npm, and urged users to check lockfiles, rotate keys, prefer Anthropic’s standalone installer, and pin safe versions, noting that this is the second similar Claude Code exposure in about a year.