In Brief:
- A source map file left in Claude Code version 2.1.88 on npm exposed roughly 1,900 TypeScript files and more than 512,000 lines of proprietary source code.
- Developers digging through the code found 44 feature flags covering unshipped capabilities, references to future models and internal telemetry that tracks user frustration signals.
- Anthropic confirmed the exposure was caused by human error in its release packaging, saying no customer data or model weights were involved.
Anthropic’s Claude Code CLI shipped with its full source code visible to anyone who looked. A source map file accidentally included in version 2.1.88 of the npm package gave the public a direct line to the TypeScript behind one of the most widely used AI coding tools on the market.
Security researcher Chaofan Shou, an intern at blockchain security firm Fuzzland, spotted the exposure on Tuesday and posted about it on X. The 59.8MB map file referenced a zip archive hosted on Anthropic’s Cloudflare R2 storage bucket. Within hours, the archive had been downloaded, decompressed, and backed up on GitHub, where it was forked more than 41,500 times.
What’s in the code
The archive contained 1,906 source files spanning internal API design, telemetry systems, encryption tools and inter-process communication protocols. It wasn’t just infrastructure plumbing. Developers found 44 feature flags covering capabilities that are fully built but not yet shipped to users.
Among the unreleased features: background agents that run continuously with GitHub webhooks and push notifications, a system for one Claude instance to orchestrate multiple worker instances each with restricted toolsets, cron scheduling for agents, a full voice command mode with its own CLI entrypoint, browser control via Playwright and agents capable of sleeping and self-resuming without user input. Persistent memory across sessions was also built in.
The code also contained references to future models, including Opus 4.7, Sonnet 4.8 and a codename “Capybara.” Unreleased feature names found in the source include KAIROS, described as long-term memory, ULTRAPLAN for advanced planning, a “Buddy mode” and an “Agent Teams” system.
Telemetry and security measures
The source revealed that Anthropic tracks specific user behavior signals, including how often users swear at Claude (as a proxy for frustration) and how frequently they type “continue” (to measure response cutoffs). The code also includes protections designed to prevent other processes on a user’s machine from stealing session tokens and a system to verify that requests originate from a legitimate client.
Anthropic’s response
“Earlier today, a Claude Code release included some internal source code,” an Anthropic spokesperson told The Register. The company said no customer data or credentials were involved or exposed. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
This isn’t the first time it’s happened. In February 2025, an early version of Claude Code was exposed through the same source map issue, prompting Anthropic to pull the affected package and delete the file. The problem resurfaced with version 2.1.88. Multiple GitHub repositories had previously extracted and organized deobfuscated Claude Code source, including one that accumulated nearly 1,000 stars.
Software engineer Gabriel Anhaia, who published a technical analysis of the leak, said it should serve as a warning even for well-resourced teams. “A single misconfigured .npmignore or files field in package.json can expose everything,” Anhaia wrote.
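The packaging failure Anhaia describes can be caught before publish by inspecting what would actually ship. The following is an added example, not code from the article, Anthropic or Anhaia's analysis: a release gate over a package's file list that flags source maps and counts the original sources embedded in them. The function names, the `{ path, content }` input shape (assumed to be built from the unpacked output of `npm pack`) and the sample package are all hypothetical.

```javascript
// Added example: release gate over the files that would ship in an npm tarball.
// `files` is [{ path, content }], assumed to come from the unpacked `npm pack` output.
const MAP_COMMENT = /[#@]\s*sourceMappingURL=(\S+)/;

function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      let embedded = 0;
      try {
        const map = JSON.parse(content);
        // sourcesContent carries the original files verbatim when the bundler inlines them.
        if (Array.isArray(map.sourcesContent)) {
          embedded = map.sourcesContent.filter((s) => typeof s === "string").length;
        }
      } catch (_) { /* unparseable map: still reported below */ }
      findings.push({ path, rule: "map-file", embeddedSources: embedded });
      continue;
    }
    if (/\.(c|m)?js$|\.css$/.test(path)) {
      const m = MAP_COMMENT.exec(content);
      if (!m) continue;
      const target = m[1];
      if (target.startsWith("data:")) {
        findings.push({ path, rule: "inline-map", embeddedSources: null });
      } else if (/^https?:\/\//.test(target)) {
        findings.push({ path, rule: "remote-map-reference", embeddedSources: null });
      }
      // A relative target is covered by the "map-file" rule if that file is packaged.
    }
  }
  return findings;
}

// Fail the release when anything is flagged.
function gate(files) {
  const findings = auditPackageFiles(files);
  return { ok: findings.length === 0, findings };
}

// Constructed sample: a tiny package listing, not taken from any real release.
const SAMPLE = [
  { path: "package/package.json", content: '{"name":"demo-cli","version":"0.0.0"}' },
  { path: "package/cli.js", content: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "package/cli.js.map", content: JSON.stringify({ version: 3, mappings: "",
      sources: ["../src/main.ts", "../src/auth.ts"],
      sourcesContent: ["export const a = 1;", "export const b = 2;"] }) },
  { path: "package/vendor.js", content: "x();\n//# sourceMappingURL=data:application/json;base64,e30=\n" },
];
console.log(gate(SAMPLE));
```

Run as a prepublish step, a non-empty `findings` list should block the release; the `embeddedSources` count shows how many original files a shipped map would hand to anyone who downloads the package.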
No model weights, but plenty of architecture
To be clear: the leak is the TypeScript client code for the CLI tool. It does not include model weights, training data or anything that would let someone run their own version of Claude. But the full exposure of internal architecture, security mechanisms and telemetry logic means Anthropic’s implementation decisions are now transparent to competitors and the open-source community alike.
The original GitHub uploader has since repurposed his repository to host a Python feature port of Claude Code, citing concerns about legal liability for hosting Anthropic’s intellectual property. Forks and mirrors remain widely available.
Anthropic did not say whether it plans to request takedowns of the repositories.