← Back to stories Close-up of office workers engaged in a tech project at a modern workplace.
Photo by cottonbro studio on Pexels
凤凰科技 2026-04-02

Anthropic’s accidental sourcemap leak sparked a DMCA cascade that knocked hundreds of forks offline

What happened

A simple build artefact turned into a major cleanup. It has been reported that a recent npm release of Anthropic’s Claude Code command‑line tool included a file named package/cli.js.map — a source map that can be used to reconstruct original, human‑readable code from compiled JavaScript. Reportedly, investigators and hobbyist developers were subsequently able to extract as much as 512,000 lines of source, internal model codenames and parts of the company roadmap. Anthropic moved quickly to issue DMCA takedown requests to stem the spread.

The takedown cascade

The DMCA move had wider consequences than intended. GitHub’s handling of takedowns at fork‑network level meant that roughly 8,100 repositories were initially affected — not only the repos containing the leaked material but many legitimate public forks and derivative projects. It has been reported that Anthropic later withdrew most of those requests, leaving one repository and 96 forks targeted, and GitHub restored access to the rest. How did a single sourcemap generate such a broad disruption? Because fork networks on GitHub are legally and technically treated as linked, enforcement can sweep up repositories that are otherwise clean.

Aftermath, fixes and IPO worries

Anthropic pushed fixes in Claude Code 2.1.90: the problematic sourcemap was removed, default access to local DNS caches was disabled, and PowerShell execution and permission checks were hardened. Reportedly the company opted not to publicly sack the engineers involved, framing the incident as a systems and process failure rather than individual negligence. That choice matters: Anthropic is reportedly preparing for an IPO, and such incidents draw scrutiny about operational controls and compliance — exactly the kind of governance investors and regulators will probe. In a broader sense, the episode is a reminder that simple packaging errors can have outsized effects in the fast‑moving, high‑stakes AI sector.

AISpace
View original source →