[Bug] v2.1.88 yanked release caused wasted session + significant token loss
Description
I updated Claude Code from v2.1.87 to v2.1.88 following the standard update procedure (npm install -g @anthropic-ai/claude-code@latest). The release turned out to be severely broken and was later yanked by Anthropic due to an accidental source code leak (59.8MB source map included in the package).
Problems encountered with v2.1.88
- Skills completely broken — slash commands were not discovered or executed
- MCP servers invisible — configured MCP servers (Supabase, Context7) were not detected
- Commands not discovered — custom commands from
.claude/commands/were not found - Overall instability — the entire session was unusable
Token loss estimate
1. Direct loss from v2.1.88 broken session
- Full work session wasted trying to use a non-functional release: estimated 50,000–80,000 tokens (input+output) on a session that produced zero useful work
- Recovery session: downgrade + full audit + integrity verification: estimated 30,000–50,000 additional tokens
- Subtotal: ~80,000–130,000 tokens wasted due to the broken release
2. Systemic loss from double/triple memory injection (weeks of sessions)
During the post-downgrade audit, I discovered that the hook documentation examples led to a silent token waste bug that had been active for weeks:
- Claude Code's auto-memory system already loads memory into context automatically
- Following hook documentation examples, I had SessionStart and PostCompact hooks also injecting the same memory via stdout
- Result: memory content loaded up to 3x per compaction cycle (auto-memory + SessionStart + PostCompact)
- Memory payload: ~252 tokens × 3 injections × 2-3 compactions/session = ~1,500 extra tokens/session
- Over ~30 days of heavy usage (3-5 sessions/day): ~135,000–225,000 tokens wasted silently
Total estimated token waste: ~215,000–355,000 tokens
Account identification (for Anthropic internal lookup)
- GitHub account: amicicixp
- Session IDs from incident date (2026-03-31):
1e30a636-9bae-4bf6-83d6-58ba89937d33(audit/recovery session — Downloads project)7da9a9fb-15f2-440c-9c5f-fd2eedfa31d0729ca726-dd48-4f62-a45b-9765aadcdd0dbc7a5355-f39a-40da-8334-d42f95f0e6085edb8908-04e1-4cc8-9df5-ac295a5fbcd8- Claude Code version: 2.1.87 (downgraded from 2.1.88)
- OS: macOS 15.4 (Darwin 25.4.0) — Apple Silicon
Request
I am requesting a manual token/credit reset for the tokens wasted due to:
- The broken v2.1.88 release (entirely Anthropic's fault — should not have been published)
- The misleading hook documentation that caused silent double/triple memory injection for weeks
The update was performed following official instructions. No productive work was possible with v2.1.88. The memory injection bug was caused by documentation that does not warn users that hook stdout = token consumption, and that auto-memory already handles loading.
Suggestions for Anthropic
- Hook documentation should explicitly warn that stdout from hooks consumes tokens
- Auto-memory deduplication — if the same content is injected multiple times, deduplicate it
- Release testing — v2.1.88 had fundamental features broken (skills, MCP, commands) that should have been caught in basic QA
Environment
- OS: macOS 15.4 (Darwin 25.4.0)
- Platform: Apple Silicon (arm64)
- Broken version: 2.1.88 (yanked)
- Current version: 2.1.87 (stable, downgraded)
- Node: v22.x
- Package manager: npm 11.12.1
Related
- This appears related to the broader token consumption issues reported in #41662 and #41663
- The v2.1.88 source code leak was discussed in multiple community threads
This issue has 14 comments on GitHub. Read the full discussion on GitHub ↗