Anthropic’s 60MB source‑map leak exposed release failures — the DMCA sweep was far from clean
Anthropic accidentally shipped a 60MB source map inside npm package v2.1.88 that tied bundled production files back to roughly 512,000 lines of original TypeScript across about 1,900 files. The company’s follow‑up DMCA notices briefly disabled more than 8,100 GitHub repositories, a response that turned a deployment error into a platform‑scale enforcement incident.
How a build artifact became full source
The leak came from a missing exclusion in Anthropic’s build pipeline: the Bun toolkit configuration never stripped source maps from the production bundle. The bundled map, and the sourceMappingURL links that pointed the published JavaScript at it, revealed internal names, unreleased features and the TypeScript sources that had been compiled into the package. The affected release was version 2.1.88 of the npm package; the resulting file dump measured about 60MB and, according to repository analysis, amounted to roughly half a million lines of code.
Why the takedown looked broader than the underlying leak
Anthropic issued DMCA notices aimed at the original leaked repo and forks that contained the exposed source, but GitHub’s takedown action initially disabled over 8,100 repositories — a sweep that included unrelated forks of Anthropic’s public Claude Code repo. Boris Cherny, Anthropic’s head of Claude Code, later acknowledged that enforcement had overreached and coordinated retractions that narrowed notices down to a single repository and 96 forks directly implicated in the leak. That back‑and‑forth shows the difference between a legal target and the blunt effects of automated takedown tooling.
Mirrors, rewrites and the community response
Developers reacted in two distinct ways: mass mirroring of the exposed materials, which kept the original content circulating, and rapid clean‑room rewrites, which reimplemented functionality without copying the leaked text. One notable example is “claw-code,” a Python‑based clean‑room project created to avoid direct copyright exposure and therefore remain accessible where copied repos could be taken down.
| Repository type | DMCA risk | Developer utility |
|---|---|---|
| Mirrors of leaked source | High — direct copies are prime DMCA targets | Immediate fidelity, short‑term research value |
| Forks of Anthropic public repo | Variable — legitimate forks can be collateral | Often innocuous; vulnerable to overbroad filters |
| Clean‑room rewrites (e.g., claw‑code) | Low — reimplementations avoid direct copying | Safer long‑term alternative for developers |
Operational weak points and the practical checkpoint
This episode highlights two concrete operational failures: incomplete release automation and an IP‑enforcement workflow that defaulted to broad removal. Anthropic had a prior bug report warning that source maps were making it into production; the missing Bun exclusion line was a single small configuration omission with outsized consequences. The immediate practical question is whether Anthropic will harden CI/CD guards (explicit source‑map exclusion checks, prepublish validations, signed release artifacts) and revise escalation rules so takedowns target only provably infringing copies rather than sweeping related public forks.
Outside the company, developers and platform operators should treat three signals as checkpoints: presence of large source‑map files in published packages, sudden spikes in dependent package downloads during a leak window (which can amplify supply‑chain exposure), and rapid DMCA activity that correlates with automated enforcement rather than manual triage. The incident also intersected with a concurrent npm supply‑chain compromise that injected malicious versions into Claude Code’s dependency chain — a reminder that accidental leaks and malicious injections can compound risk within the same short timeframe.
Short Q&A
Will Anthropic try to scrub clean‑room rewrites? Publicly, Anthropic limited enforcement to one repo and 96 forks and has not pursued clean‑room rewrites; pursuing reimplementations raises higher legal and technical hurdles.
Could this have been avoided with automation? Yes: explicit prepublish checks for source maps, automated CI rules to fail a release if artifacts reference original source files, and signed releases reduce the single‑point human error that caused this.
What should developers watch next? Watch for revised release tooling from Anthropic, changes to GitHub’s takedown filters after this incident, and any regulatory or investor disclosures tied to the company’s IPO preparations or incident response filings.