The full TypeScript source code for Anthropic's proprietary Claude Code tool has been made public by mistake. A security researcher found a .map file that had been leaked and pointed to the codebase. The original source code that was not changed has been saved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code.

The breach is a big problem for Anthropic's intellectual property because the code that was leaked includes internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination, and even feature pipelines that were not made public. Anthropic has not yet made a public statement about the incident as of this writing. Companies that use Claude Code in their development processes should keep an eye on Anthropic's official security advisories. Developers should check the official npm registry for patched releases and stay away from third-party mirrors of the leaked source.

This article is based on information that is available to the public. ZeroOwl does not host or share the leaked source code. Follow LinkedIn and X for daily updates on cybersecurity.

If you need private help, you can call the Samaritans at 08457 90 90 90, go to a nearby Samaritans branch, or click here for more information. In the U.S., you can call the National Suicide Prevention Lifeline at 1-800-273-8255 or go to http://www.suicidepreventionlifeline.org/. For private use. If you need help in the UK, you can call the Samaritans at 08457 909090 or go to http://www.samaritans.org.