Overview
- @anthropic-ai/claude-code v2.1.88, published Tuesday, included a 60MB source map that let researchers rebuild about 1,900 TypeScript files totaling roughly 512,000 lines.
- Anthropic removed the file and deleted affected npm versions, calling it human error and stating no customer data or credentials were exposed.
- Copies of the recovered code spread across GitHub and other repositories before removal, and clean‑room rewrites appeared, making the disclosure effectively permanent.
- Analyses of the files describe a production agent with a three‑layer memory system, multi‑agent orchestration, permission‑gated tools, and internal flags pointing to features like a background KAIROS mode and an Undercover workflow.
- The timing overlapped with reports of malicious axios packages on npm, and researchers urged developers to check lockfiles, rotate credentials, and use Anthropic’s standalone installer or pinned safe versions.
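
The first item turns on a source map shipped inside a published npm package. As an added example (not Anthropic's tooling and not code from the reports), here is a pre-publish check that flags `.map` files and inline maps whose `sourcesContent` embeds original source. The `{ path, content }` input shape, the function names and the sample package are constructed for illustration.

```javascript
// Added example: pre-publish gate for source maps that embed original source.
// The { path, content } input shape and every name below are assumptions.
function embeddedSources(map) {
  // Index maps nest ordinary maps under "sections"; walk them recursively.
  if (Array.isArray(map.sections)) {
    return map.sections.flatMap((s) => (s.map ? embeddedSources(s.map) : []));
  }
  const sources = Array.isArray(map.sources) ? map.sources : [];
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  return sources
    .map((name, i) => ({ name, bytes: typeof contents[i] === "string" ? Buffer.byteLength(contents[i]) : 0 }))
    .filter((s) => s.bytes > 0);
}

// Inline maps travel as a base64 data: URL in a trailing comment of the bundle.
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    let json = null;
    if (path.endsWith(".map")) {
      json = content;
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE_MAP.exec(content);
      if (m) json = Buffer.from(m[1], "base64").toString("utf8");
    }
    if (json === null) continue;
    let embedded;
    try {
      embedded = embeddedSources(JSON.parse(json));
    } catch {
      findings.push({ path, kind: "unparseable-map", files: 0, bytes: 0 });
      continue;
    }
    const kind = embedded.length ? "map-with-sources" : "map-without-sources";
    findings.push({ path, kind, files: embedded.length, bytes: embedded.reduce((n, s) => n + s.bytes, 0) });
  }
  return findings;
}
// Fail closed: a map that cannot be parsed blocks publishing as well.
const shouldBlockPublish = (findings) => findings.some((f) => f.kind !== "map-without-sources");
// Constructed sample package (not real package contents).
const namesOnly = Buffer.from(JSON.stringify({ version: 3, sources: ["util.ts"], mappings: "" })).toString("base64");
const samplePackage = [
  { path: "cli.js", content: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "cli.js.map", content: JSON.stringify({ version: 3, sources: ["a.ts", "b.ts"], sourcesContent: ["export const a = 1;\n", "export const b = 2;\n"], mappings: "AAAA" }) },
  { path: "lib/util.js", content: "//# sourceMappingURL=data:application/json;base64," + namesOnly },
];
console.log(auditPackageFiles(samplePackage));
```

In CI, the file list can be taken from `npm pack --dry-run --json`, which reports the paths that would be published.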