🧭 Claude Code’s Full Source Code Leaked via npm Source Map
On March 31, security researcher Chaofan Shou publicly disclosed that the complete unobfuscated TypeScript source code of the Claude Code CLI had been inadvertently shipped inside the published npm package. The culprit: a standard JavaScript source map file (cli.js.map) included in the @anthropic-ai/claude-code package whose sourcesContent field contained every original .ts and .tsx file verbatim. Anyone who had installed the package had, without knowing it, downloaded Anthropic's entire private codebase for Claude Code.
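How the sourcesContent exposure described above shows up inside a map file, as an added example (not code from the original page or from Anthropic): it reports which original sources a map embeds, and also checks for a map inlined into the bundle as a data: URI. The function names and the sample map are constructed for illustration.

```javascript
// Summarise which original sources a parsed source map (v3) embeds,
// including index maps that nest per-section maps under sections[].map.
function auditSourceMap(map) {
  const result = { embedded: [], bytes: 0 };
  if (!map) return result;
  if (Array.isArray(map.sections)) {
    for (const s of map.sections) {
      const sub = auditSourceMap(s.map);
      result.embedded.push(...sub.embedded);
      result.bytes += sub.bytes;
    }
    return result;
  }
  const contents = map.sourcesContent || [];
  (map.sources || []).forEach((name, i) => {
    if (typeof contents[i] === 'string') {
      result.embedded.push(name);
      result.bytes += Buffer.byteLength(contents[i], 'utf8');
    }
  });
  return result;
}

// A bundle can also carry its map inline as a base64 data: URI, in which
// case no .map file exists at all. Returns the parsed map, or null.
function extractInlineMap(jsText) {
  const re = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)\s*$/m;
  const m = re.exec(jsText);
  return m ? JSON.parse(Buffer.from(m[1], 'base64').toString('utf8')) : null;
}

// Constructed sample: one first-party file embedded, one entry left null.
const sampleMap = {
  version: 3,
  file: 'cli.js',
  sources: ['../src/main.ts', '../node_modules/dep/index.js'],
  sourcesContent: ['export const answer: number = 42;\n', null],
  mappings: 'AAAA',
};
const sampleBundle = 'console.log(42);\n//# sourceMappingURL=data:application/json;base64,'
  + Buffer.from(JSON.stringify(sampleMap)).toString('base64') + '\n';

console.log(auditSourceMap(sampleMap));
console.log(auditSourceMap(extractInlineMap(sampleBundle)));
```

A map whose sourcesContent entries are all null or absent still exposes file paths through sources, but not the file bodies.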
The "Undercover Mode" irony
What made the disclosure particularly striking was that the leaked source revealed Anthropic had built a feature called "Undercover Mode" — a mechanism specifically designed to prevent the accidental exposure of internal system prompts and sensitive configuration when Claude Code is running in certain environments. The code intended to protect Anthropic's internal information was itself publicly exposed through a different, overlooked channel.
What the leaked source revealed
- The full TypeScript implementation of the Claude Code CLI, including agent loop logic, tool invocation handlers, and permission relay code.
- Internal feature flags and experimental code paths not yet exposed in the public CLI.
- The Undercover Mode implementation and the list of triggers that activate it.
- Comments and internal documentation that had never been intended for public view.
Anthropic’s response
Anthropic acknowledged the disclosure and moved quickly to publish a patched version of the npm package with source maps excluded. The company noted that no API keys, user data, or production secrets were exposed — the leak was source code only. GitHub mirrors created for research purposes remained accessible.
Tags: claude code, security, npm, source maps, disclosure
🧭 Microsoft Revamps Copilot with Claude — A Multi-Model Future Takes Shape
On the same day as the source map story, Fortune reported that Microsoft has significantly upgraded Copilot to use Claude alongside GPT in a tandem architecture. Under the new design, GPT generates draft responses while Claude acts as a critique and verification layer — reviewing each draft for completeness, factual accuracy, and citation quality before the response is delivered to the user. The arrangement positions Anthropic as essential reliability infrastructure inside Microsoft's enterprise AI stack.
Why this matters architecturally
The Microsoft design is a concrete, large-scale deployment of a pattern the AI community has been discussing in theory: using different models' distinct strengths in a pipeline rather than betting everything on a single model. GPT's breadth and speed handle first-pass generation; Claude's reasoning and citation discipline handle quality control. Neither model does everything; each does what it does best.
Implications for Anthropic
- Revenue diversification: The Copilot integration gives Anthropic a high-volume inference channel through Microsoft's enterprise customer base — separate from its direct Claude.ai subscription revenue.
- Trust signal: Microsoft choosing Claude for the verification role (rather than another GPT variant) is a public endorsement of Claude's reliability and accuracy characteristics.
- Multi-model becomes mainstream: When a product used by hundreds of millions of people ships with a multi-model architecture, it normalises the pattern. Expect other major platforms to follow with their own model-mixing strategies in 2026.
Lesson for your own builds
If you are building agentic pipelines, the Microsoft pattern is worth studying: use a fast/cheap model for drafting, and route the output through a more careful model for a structured critique pass. The cost of the second pass is offset by the quality improvement and reduced hallucination risk in the final output.
Tags: Microsoft, Copilot, multi-model, enterprise, partnerships
🧭 Don’t Ship What You Don’t Mean To — Source Map Security for npm Publishers
The Claude Code source map incident is, at its core, a well-known npm publishing footgun that trips up teams across the industry. Source maps are invaluable during development — they let you debug minified code against the original TypeScript. But they have no business being inside a published npm package unless you explicitly intend to ship your source. Here is how to prevent the same mistake in your own packages.
Option 1 — Exclude in .npmignore
# .npmignore
**/*.map
**/*.js.map
**/*.css.map
Option 2 — Use the files field in package.json (preferred)
The files allowlist is safer than .npmignore because it opts in only what you want to ship, rather than relying on you to remember every file type to exclude.
{
  "files": [
    "dist/**/*.js",
    "dist/**/*.d.ts",
    "README.md",
    "LICENSE"
  ]
}
Option 3 — Build-step flag
If you use esbuild, webpack, or Rollup, disable source map generation in your production build config and keep it only in your development/watch build:
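# esbuild production build: esbuild writes no source map unless --sourcemap is passed
esbuild src/index.ts --bundle --outfile=dist/cli.js

// webpack.config.js: emit source maps only outside production
module.exports = {
  devtool: process.env.NODE_ENV === 'production' ? false : 'source-map',
};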
Verify before publishing
Run npm pack --dry-run before every release. It lists every file that will be included in the tarball — if you see a .map file, fix it before publishing. This one command would have caught the Claude Code issue before it shipped.
Source maps are not the only risk
While you are auditing your npm pack output, also look for .env files, credential configs, internal test fixtures, and any file that contains paths or comments that reveal internal infrastructure. The files allowlist approach eliminates all of these in one step.
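One way to automate the npm pack --dry-run check and the wider audit described above, as an added example (not code from the original page or from any project it mentions): it scans the JSON file list that npm pack --dry-run --json prints for source maps, .env files, credential files and test fixtures. The deny rules, the script name check-pack.js and the sample report are assumptions constructed for illustration.

```javascript
// Hypothetical deny rules for the file kinds this section names; the
// sample report further down is constructed, not real npm output.
const DENY = [
  { rule: 'source map', re: /\.map$/i },
  { rule: 'env file', re: /(^|\/)\.env(\.[^/]+)?$/i },
  { rule: 'credential config', re: /(^|\/)(\.npmrc|\.netrc|credentials(\.[^/]+)?)$/i },
  { rule: 'private key', re: /(\.(pem|key|p12|pfx)|(^|\/)id_(rsa|ed25519))$/i },
  { rule: 'test fixture', re: /(^|\/)(__fixtures__|fixtures|__tests__)\//i },
];

// report: parsed npm output, an array of packages, each with a `files`
// array of { path, size, mode } entries.
function findRiskyFiles(report) {
  const findings = [];
  for (const pkg of report) {
    for (const { path } of pkg.files || []) {
      const hit = DENY.find((d) => d.re.test(path));
      if (hit) findings.push({ path, rule: hit.rule });
    }
  }
  return findings;
}

// Constructed sample in the shape npm prints.
const sampleReport = [{
  name: 'example-cli', version: '1.0.0',
  files: [
    { path: 'package.json', size: 512, mode: 420 },
    { path: 'dist/cli.js', size: 90210, mode: 493 },
    { path: 'dist/cli.js.map', size: 5800000, mode: 420 },
    { path: '.env.production', size: 120, mode: 420 },
    { path: 'test/fixtures/internal-hosts.json', size: 300, mode: 420 },
  ],
}];

// Usage: npm pack --dry-run --json | node check-pack.js --stdin
if (process.argv.includes('--stdin')) {
  let buf = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { buf += chunk; });
  process.stdin.on('end', () => {
    const findings = findRiskyFiles(JSON.parse(buf));
    findings.forEach((f) => console.error(`${f.rule}: ${f.path}`));
    process.exitCode = findings.length ? 1 : 0;
  });
} else {
  console.log(findRiskyFiles(sampleReport));
}
```

Run with --stdin from a prepublishOnly script, the non-zero exit code stops the publish when any listed file matches a rule.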
Tags: npm, security, source maps, publishing, developer tips