Voices
Claude Code Source Map Was Available in npm for 13 Months Before Discovery
Analysis by TheHuman2AI reveals the source map file in Anthropic's npm package has been present since at least early 2025, meaning the full Claude Code source was technically accessible for 13 months before anyone noticed. The article asks 'why didn't anyone look?' — highlighting that npm packages are rarely audited for source map leaks, and most security scanning tools focus on dependency vulnerabilities rather than first-party source exposure. This is a systemic build pipeline hygiene issue affecting every company shipping minified JavaScript.
Source
↳ Follow the thread