A Hacker News thread currently breaking all records (over 1800 points and approaching 900 comments) discusses what appears to be one of the most embarrassing security blunders in the AI industry in a long time: Anthropic included the entire source code for Claude Code in a public npm package — by mistake.

What happened is technically quite simple. Source maps are debug files that link minified code back to the original, readable source material. They should never end up in production. But in version 2.1.88 of @anthropic-ai/claude-code, the file cli.js.map appeared — 59.8 MB, approximately 512,000 lines of TypeScript spread across nearly 2,000 proprietary source files.

Competitors were served a complete technical blueprint for building commercial AI agents — for free, via npm.

What was exposed? According to people who have delved into the material: internal API design, telemetry systems, encryption and IPC logic, agent architecture, memory management, orchestration systems, and, perhaps most interestingly, 44 feature flags for features not yet launched. Internal codenames like "Tengu", "Fennec", and "Numbat" also became visible.

What makes this extra awkward is that this isn't the first time. A previous version from February 2025 had the exact same problem. Anthropic took down that version back then. Then it happened again.

For security professionals, this is more than a PR blunder. Source map leaks act as a "vulnerability amplifier" for AI agents: when an attacker knows exactly how internal modules, error handling, and tool integrations are connected, prompt injection, tool abuse, and lateral movement become significantly easier to execute. Combined with a supply-chain attack against the axios npm package occurring around the same time, there is reason to follow this closely.

HN comments also discuss what people are calling "frustration regexes" and an "undercover mode" in the source code — details suggesting that Anthropic has built more behavioral control into the tool than has been communicated externally.

What does this mean? For enterprise users of Claude Code, security departments should log which versions are in use and assess exposure. For the rest of the industry, this is a powerful reminder that even the biggest players are sloppy with basic DevOps hygiene.

This is an early signal based on community sources from Hacker News and Twitter/X. No official statement from Anthropic has been confirmed as of publication time.