Anthropic has once again inadvertently exposed the source code of its AI coding tool, Claude Code, due to a packaging error in a public npm release. This incident, identified by security researcher Chaofan Shou on March 31, 2025, involved a source map file that allowed users to access 1,906 internal files, revealing sensitive elements like API designs and encryption tools. This is the second such incident within a year, following a similar leak in February 2025, raising concerns over software release controls amid the rapid adoption of AI tools in enterprises.
Although the exposure doesn’t compromise user data or model weights, it does highlight vulnerabilities in Anthropic’s internal system designs and security protocols. Experts suggest that such fundamental packaging mistakes should not occur in production environments used by professionals. The rapid archiving of the exposed code on public repositories further escalates visibility and potential exploitation risks, underscoring the need for tighter release validation processes.
Source link
