How to Audit Your npm Packages for Accidentally Included Source Maps (The Claude Code Lesson)
Today’s Claude Code source leak was a good reminder that shipping to npm is a security surface area that many developers don’t audit carefully enough. A 60MB .map file contained Anthropic’s entire CLI source. This guide shows you how to prevent the same thing from happening to your own packages.

Why Source Maps Are the Hidden Risk

Source maps (.js.map files) are generated by build tools like webpack, esbuild, Rollup, and Parcel to help with debugging. They map your compiled, minified output back to the original source. In development and CI, this is exactly what you want. ...
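As an added example (not code from the original guide), the Node.js script below checks a package's publishable files for source maps and counts how many original files each map embeds in full through `sourcesContent`, including maps inlined into JavaScript as base64 data URIs. The function names, the `{ path, content }` input shape, and the sample package are constructed for illustration.

```javascript
// Added example, not from the original guide. Names and sample data are constructed.
const INLINE = /\/[/*][#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+/=]+)/;

// Count original files whose full text a source map embeds (sourcesContent).
function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return 0; } // unparsable map
  const sc = map && map.sourcesContent;
  return Array.isArray(sc) ? sc.filter((s) => typeof s === 'string').length : 0;
}

// files: [{ path, content }] for every file in the tarball, content as UTF-8 text.
function auditFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      findings.push({ path, kind: 'map-file', embedded: embeddedSources(content) });
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE.exec(content);
      if (m) {
        const json = Buffer.from(m[1], 'base64').toString('utf8');
        findings.push({ path, kind: 'inline-map', embedded: embeddedSources(json) });
      }
    }
  }
  return findings;
}

// Read an unpacked tarball directory (CommonJS; recursive readdir needs Node 18.17+).
function loadDir(dir) {
  const fs = require('node:fs');
  const { join } = require('node:path');
  return fs.readdirSync(dir, { recursive: true })
    .filter((rel) => fs.statSync(join(dir, rel)).isFile())
    .map((rel) => ({ path: rel, content: fs.readFileSync(join(dir, rel), 'utf8') }));
}

// Constructed sample package: an external map, an inline map, and clean files.
const sampleMap = JSON.stringify({ version: 3, sources: ['../src/cli.ts'],
  sourcesContent: ['export const greeting = "hi";'], mappings: '' });
const SAMPLE = [
  { path: 'dist/cli.js', content: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'dist/cli.js.map', content: sampleMap },
  { path: 'dist/util.js', content: 'x();\n//# sourceMappingURL=data:application/json;base64,'
    + Buffer.from(sampleMap).toString('base64') + '\n' },
  { path: 'README.md', content: '# demo' },
];
console.log(auditFiles(SAMPLE));
```

To audit a real package, unpack the tarball produced by `npm pack` and call `auditFiles(loadDir('package'))`; any finding with `embedded` greater than zero means original source text ships inside the package.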