Overview
- Claude Code’s npm package, which shipped Tuesday with a 59.8 MB source‑map file, let researchers reconstruct roughly 1,900 TypeScript files and 500,000+ lines of internal code after Chaofan Shou flagged the leak.
- Anthropic confirmed a release‑packaging mistake, said no customer data or credentials were exposed, pulled the package, began DMCA takedowns, and urged users to switch to its standalone installer or pin to verified safe versions.
- The recovered code details the agent’s architecture, including a three‑layer memory system, a background daemon called KAIROS with “autoDream” consolidation, an “Undercover Mode” for public commits, and unreleased model codenames such as Capybara, Fennec, and Numbat.
- Security teams warned of concrete risks as mirrors spread and a same‑day malicious axios package surfaced on npm, prompting advice to audit lockfiles, rotate credentials, and review machines that updated during the window.
- This is the second such exposure since February 2025 and follows last week’s accidental posting of draft materials about the higher‑tier “Mythos/Capybara” model, with mirrors and clean‑room rewrites making the code effectively permanent despite takedowns.