CodePawl

Claude Code source code leaked again via npm source map — third time now

Anthropic shipped a 57MB cli.js.map file in the latest Claude Code npm package. Again.

The source map contains the full TypeScript source, extractable in seconds. The src/ directory includes everything: components, commands, tools, services, hooks, query engine, cost tracker, context handling, the works. 785K main.tsx, 67K query.ts, 46K QueryEngine.ts, 29K Tool.ts.

This is at least the third time this has happened:

  1. Feb 2025 — source maps shipped in the npm package. Anthropic rushed to yank it and purge npm cache. Someone recovered it from their Sublime Text undo buffer.
  2. ~Sep 2025 — leaked again via the same vector.
  3. Mar 31, 2026 — today. 57MB map file, full source, still sitting in the npm registry.

The irony: this happened on the same day as the axios supply chain attack, where a hijacked maintainer pushed malicious code through npm. npm's trust model is having a rough day.

To be fair, source code leaking from an npm package isn't a security vulnerability. The code is always technically extractable from the minified bundle. Source maps just make it trivial instead of painful. But shipping them three times suggests the build pipeline still doesn't strip them reliably.
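One way to catch this before publish, as an added example that is not Anthropic's build code or part of the original post: a check over the files that would go into the package tarball, flagging `.map` files, inline maps and `sourceMappingURL` references. The `auditPackage` and `blocksPublish` names and the sample file contents are constructed for illustration.

```javascript
// Added example. Input: the files that would be published, as {path, content}
// pairs (for instance read from the tarball that `npm pack` produces).
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=([^\s*]+)/;

function auditPackage(files) {
  const shipped = new Set(files.map((f) => f.path));
  const findings = [];
  const count = (v) => (Array.isArray(v) ? v.filter((s) => typeof s === 'string').length : 0);
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      let map = {};
      try { map = JSON.parse(content) || {}; } catch { /* unparsable: still flag the file */ }
      findings.push({ path, kind: 'map-file', sources: count(map.sources), embedded: count(map.sourcesContent) });
    } else if (/\.(?:[cm]?js|css)$/.test(path)) {
      const m = MAP_COMMENT.exec(content);
      if (!m) continue;
      if (m[1].startsWith('data:')) {
        findings.push({ path, kind: 'inline-map' }); // map embedded in the bundle itself
      } else {
        // Resolves simple relative references against the file's own directory.
        const target = path.slice(0, path.lastIndexOf('/') + 1) + m[1];
        findings.push({ path, kind: 'map-reference', target, shipped: shipped.has(target) });
      }
    }
  }
  return findings;
}

// Policy assumed here: any shipped or inline map fails the release; a dangling
// reference is reported but does not block on its own.
function blocksPublish(findings) {
  return findings.some((f) => f.kind === 'map-file' || f.kind === 'inline-map');
}

// Constructed sample: tarball paths start with "package/".
const SAMPLE = [
  { path: 'package/cli.js', content: 'console.log(1);\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'package/cli.js.map', content: JSON.stringify({
    version: 3, sources: ['../src/main.tsx', '../src/query.ts'],
    sourcesContent: ['export const a = 1;', null], mappings: '' }) },
  { path: 'package/README.md', content: '# readme' },
];

console.log(auditPackage(SAMPLE), 'block publish:', blocksPublish(auditPackage(SAMPLE)));
```

The `embedded` count is the number that matters for a leak like this one: it is how many original source files the map carries in `sourcesContent`.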

At this point Anthropic might as well just open source it. The code leaks every few months anyway.

