🧬 Related Insights?

- **Read more:** [Why Your AI Models Are Stuck in 2015: The Infrastructure Crisis Nobody's Fixing](https://opensourcebeat.com/article/why-your-ai-models-are-stuck-in-2015-the-infrastructure-crisis-nobodys-fixing/) - **Read more:** [Why Go Shops Are Adding Cross-Chain Swaps—And Why Most Will Get It Wrong](https://opensourcebeat.com/article/why-go-shops-are-adding-cross-chain-swapsand-why-most-will-get-it-wrong/) Frequently Asked Questions **What caused Anthropic's massive code leak?** Forgotten .npmignore entry let Bun-generated source maps ship publicly, exposing 512k lines and a R2 ZIP bucket. **How do I prevent source map leaks in my npm packages?** Add *.map and dist/*.map to .npmignore, run npm pack --dry-run, and disable maps in prod bundlers like Bun or webpack. **Will this kill Anthropic's valuation?** Likely tanks it short-term; long-term, forked code erodes their IP moat, inviting copycats.

🔒 Security & Privacy

Anthropic's One-Line Fumble Leaks Billions in Code

Anthropic's safety obsession? Crumbled on a source map. One missing line handed rivals their crown jewels.

theAIcatchup Apr 03, 2026 3 min read 47 views

Broken lock on Anthropic code vault with npm package spilling source files

⚡ Key Takeaways

One missing .npmignore line leaked Anthropic's entire Claude Code codebase to npm users. 𝕏
Exposed features like spying agents and git-liars reveal hypocrisy in their 'AI safety' brand. 𝕏
Audit your pipelines now — no one's immune to basic packaging blunders. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

#Claude Code exposure

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Dev.to

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React Server Components' Perfect-Score RCE Flaw Exposes Millions of Apps

Math.random() Bombs Your Next Security Audit

Ethical Hacking's Gold Rush: Skills Shortage Hits $10 Trillion Mark

WAIaaS Delivers Instant Push and Telegram Approvals for Rampaging AI Crypto Agents

Stay in the loop