Anthropic Accidentally Leaks Claude Code Source in Packaging Error
Release 2.1.88 exposed nearly 2,000 files and 512,000+ lines, prompting public analysis and company fixes.
Overview
Anthropic acknowledged that a Claude Code 2.1.88 release included internal source code—nearly 2,000 TypeScript files and more than 512,000 lines—after a security researcher posted a link on X.
The exposed source map let developers reconstruct Claude Code’s architecture and prompted immediate public analysis of its memory architecture and unreleased features.
Anthropic said the incident was a release packaging issue caused by human error, that no sensitive customer data or credentials were involved, and that it is rolling out measures to prevent recurrence.
The leak followed a separate reported incident that exposed nearly 3,000 internal files, the X post drew more than 21 million views, and the repository was forked tens of thousands to more than 50,000 times.
Developers continue to dissect the code while analysts flagged risks to guardrails, and Anthropic said it was fixing the release as it addresses operational processes ahead of its initial public offering, according to reports.
Analysis
Center-leaning sources frame the leak as an accidental, limited-impact failure that emphasizes technical curiosity and competitive consequences while minimizing security alarm. They foreground Anthropic's human-error denial of a breach, highlight archival scale (files, forks), and omit independent security assessment, producing a narrative focused on engineering mishap and industry implications.