Status: Confirmed / Technical Debt Incident
Date: March 31, 2026
Package: @anthropic-ai/claude-code@2.1.88
Summary
Yesterday, Anthropic accidentally exposed the full TypeScript source for Claude Code via a misconfigured npm publish. The leak originated from a 60MB source map file (cli.js.map) included in the production build. Because the map contained the original source code inline, researchers were able to fully reconstruct the project structure—approximately 512,000 lines across 1,900 files.
How it Happened
- The Root Cause: A failure in the .npmignore file. The build script (likely using Bun) generated debugging source maps that were not excluded from the final .tgz package sent to the npm registry.
- The Trigger: Security researcher Chaofan Shou flagged the reachable r2.dev archive at ~4:00 AM UTC.
- The Response: Anthropic pulled the version from npm and issued DMCA takedowns for GitHub mirrors, but the codebase has already been extensively cloned and archived.
The Technical “Guts” Exposed
The leak reveals exactly how Anthropic handles high-agency AI tasks:
- The Agent Harness: The core logic for QueryEngine.ts (46k lines) and Tool.ts (29k lines) is now public. It shows how they gate permissions for bash, file writes, and LSP integration.
- KAIROS & autoDream: The leak confirmed a hidden background daemon that runs “memory consolidation” while the user is idle, cleaning up context before the next session.
- Undercover Mode: A specific system prompt that forces the AI to hide its identity and internal codenames (Capybara, Tengu) when contributing to public repos.
- The Pet System: A surprisingly deep ASCII pet simulator hidden in the CLI, featuring 18 species with rarity tiers.
Security Advisory
The timing of this leak coincided with a separate supply-chain attack on the axios library.
- The Risk: If you ran npm install or npm update for Claude Code between 00:21 and 03:29 UTC on March 31, your environment might be compromised by a Remote Access Trojan (RAT) found in the malicious axios version live at that time.
- Action Required: Anthropic has deprecated the npm install method. You should uninstall the npm version, switch to the native installer, and rotate any API keys used during that window.
This wasn’t a hack; it was a “packaging error” that essentially open-sourced the most advanced AI agent architecture on the market. If you’re a developer, check your package.json and move to the native binary.