https://tokentimes.net/tags/claude-code/Recent content in Claude-Code on Token TimesHugo -- gohugo.ioen-USToken TimesThu, 02 Apr 2026 00:00:00 +0000https://tokentimes.net/posts/2026-04-02-claude-code-leak/Thu, 02 Apr 2026 00:00:00 +0000https://tokentimes.net/posts/2026-04-02-claude-code-leak/ <p><figure> <picture> <img loading="lazy" decoding="async" alt="Accidental Leak Exposes Claude Code&amp;amp;rsquo;s Source Code and Internal Secrets" class="image_figure image_internal image_unprocessed" src="https://tokentimes.net/images/2026-04-02/claude-code-leak.png" /> </picture> </figure> </p> <p>A human packaging error accidentally included nearly 60 megabytes of source map files in Claude Code version 2.1.88 via npm, exposing around 500,000 lines of original TypeScript code that included the AI&rsquo;s internal prompts, orchestration logic, and a controversial &ldquo;Undercover Mode&rdquo;.</p> <h2 id="context">Context</h2> <p>On March 31, 2026, Anthropic published what was expected to be a simple routine update (version 2.1.88) for the Claude Code npm package—their cutting-edge command-line interface (CLI) assistant agent targeting software developers. However, a configuration misstep during the deployment sent a 59.8 MB <code>.map</code> file straight into the package registry. These Source Map files allowed developers and researchers to reverse-engineer the transpiled JavaScript and completely access approximately 500,000 lines of the application&rsquo;s core un-obfuscated TypeScript source code. Anthropic quickly confirmed the oversight was caused by a &ldquo;release packaging human error,&rdquo; instantly dismissing rumors of malicious network breaches or an intentional pivot to Open Source distribution.</p>