TL;DR

On March 31, 2026, a packaging mistake caused Anthropic to accidentally publish the full source of Claude Code through the public npm registry. The release included a source map referencing an archive stored on a publicly accessible Cloudflare R2 bucket. The artifact exposed approximately 512,000 lines of TypeScript, nearly 1,900 files, numerous unreleased features and internal safeguards. Available evidence indicates this was a genuine accidental leak rather than a deliberate public relations move.

What happened

The incident stemmed from two configuration failures in the release pipeline. A source map file intended for internal debugging was included in the npm package because the package configuration did not exclude .map files. That source map did not embed the source directly. Instead, it referenced an external src.zip hosted on Anthropic’s Cloudflare R2 storage. The R2 bucket was publicly accessible without authentication, allowing anyone who inspected the source map to download the archive and recover the complete TypeScript source.

How the exposure unfolded

The publication chain was simple and reproducible. Installing the package downloaded the source map, the source map pointed to a URL on R2, and the R2 URL delivered a downloadable zip archive of the source. Security researchers and community members quickly identified the artifact, downloaded the archive, and mirrored or forked the code across public repositories. One fork count reported more than 41,500 forks before containment steps were applied.

Why this was likely not a PR stunt

Multiple indicators support the conclusion that the leak was accidental rather than intentional:

Company statements framed the issue as a packaging and release engineering error rather than an orchestrated disclosure.
Prior incidents included a similar source map leak in early 2025, suggesting systemic process gaps rather than a single creative decision.
Commercial harm was real and significant. Claude Code is a high-value product with reported annualized recurring revenue in the billions. Exposing proprietary agent architecture and anti-distillation measures risked competitive damage.
External discovery by independent security researchers drove public awareness. The timeline and reporting pattern match an organic detection rather than a staged reveal.

What the leak revealed

The leaked archive contained a wide range of sensitive assets and internal signals. Notable discoveries reported by analysts and researchers included:

Internal codenames and models, referenced in comments and config names.
Unreleased features such as proactive assistant modes, multi-agent coordination, and persistent memory systems.
Anti-distillation mechanisms and deceptive tooling intended to frustrate extraction or automated cloning attempts.
Telemetry and instrumentation revealing metrics used to measure user friction and usage patterns.
Hidden feature flags and developer utilities, including some small easter-egg like development artifacts.

Operational and security impact

The fallout combined technical, commercial, and reputational risks. Competitors and researchers gained insights into internal architecture, feature roadmaps, and defensive mechanisms. Public replication of the codebase complicated the ability to contain the exposure. The repeated nature of similar packaging errors raised questions about release engineering controls and audit practices.

Key lessons and recommended mitigations

Organizations that distribute compiled or bundled software can reduce risk by implementing the following measures:

Strict packaging rules that exclude debug artifacts and source maps from production packages unless intentionally published.
Automated release gates and pre-publish validation checks that verify the contents of published artifacts against an allowlist.
Secure storage configuration for cloud object stores with least privilege access, private buckets by default, and audit logging enabled.
Secrets and key rotation to revoke compromised access quickly and to audit for exposed credentials.
Post-release incident playbooks that combine rapid containment, disclosure to affected stakeholders, and legal review.

Conclusion

The Claude Code incident illustrates how a small packaging misconfiguration can cascade into a major leak of proprietary software. Evidence available from public reports and researcher investigations supports the assessment that the event was an accidental release rooted in release engineering gaps. The episode underscores the importance of rigorous CI and release controls, secure object storage practices, and proactive auditing to prevent similar incidents in large scale software projects.