Anthropic's Claude Code Source Leak Exposes AI Agent's Core and Hidden Features

Anthropic's Claude Code Source Code Accidentally Leaked Through npm Package

On March 31, Anthropic inadvertently exposed the complete source code of Claude Code, its flagship AI coding agent, through a 59.8 MB JavaScript source map file bundled in the public npm package @anthropic-ai/claude-code version 2.1.88. The issue was first identified by security researcher Chaofan Shou on X, leading to rapid dissemination of the leaked data. The file contained approximately 513,000 lines of unobfuscated TypeScript across 1,906 files, unveiling the entire client-side agent harness.

Leaked Code Details and Unreleased Features

Developers examining the leaked data discovered more than just clean engineering. The code included several unreleased features that Anthropic had been developing behind compile-time feature flags. One feature, codenamed Kairos, appears to be an always-on background agent with memory consolidation, essentially a version of Claude that never fully switches off. Another is a full companion pet system called Buddy, complete with 18 species, rarity tiers, shiny variants, and stat distributions.

The leaked code also references an Undercover Mode, described as auto-activating for Anthropic employees on public repositories, which strips AI attribution from commits with no visible off switch. Additionally, Coordinator Mode turns Claude into a central system that manages multiple worker agents simultaneously, while Auto Mode uses an AI classifier to silently approve tool permissions, removing the usual confirmation prompts.


Engineering Insights and Codebase Analysis

Beyond hidden features, the leak provided a rare glimpse into how a well-funded AI product is built under pressure. The main user interface is a single React component with over 5,005 lines of code containing 68 state hooks, 43 effects, and JSX nesting that goes 22 levels deep. Engineers noted a TODO comment next to a disabled lint rule on line 4114. The entry point file, main.tsx, runs to 4,683 lines and handles everything from OAuth login to mobile device management.

Sixty-one separate files contain explicit comments about circular dependency workarounds. A type name used over 1,000 times across the codebase reads: AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS. One standout detail is that the word "duck" is encoded in hexadecimal—String.fromCharCode(0x64,0x75,0x63,0x6b)—because the string apparently collides with an internal model codename that Anthropic's CI pipeline scans for, leading to hex encoding for every animal species in the pet system.

Anthropic's Response and Human Error Blame

Anthropic attributed the leak to human error, describing it as a release packaging issue rather than a security breach. A company spokesperson stated, "No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again." Claude Code creator Boris Cherny confirmed on X that a manual deploy step was not executed correctly, emphasizing that the problem was error-prone infrastructure, not the individual responsible.
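
A release gate for the packaging error described above, as an added example (not Anthropic's code or tooling): it scans the files about to be published for source maps, external or inline, that embed original sources in `sourcesContent`. The function names and the sample package contents are constructed for illustration.

```javascript
// Added example: pre-publish gate that flags source maps embedding original sources.
// `files` maps package-relative path -> file text, e.g. read from the file list
// that `npm pack --dry-run --json` reports (assumed to be gathered by the caller).
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;
// Count original source files embedded in a source map (0 if none or not a map).
function embeddedSourceCount(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return 0; }
  if (!map || typeof map !== 'object') return 0;
  // Index maps nest ordinary maps under sections[].map.
  const maps = Array.isArray(map.sections)
    ? map.sections.map((s) => s && s.map).filter(Boolean) : [map];
  return maps.reduce((n, m) => n + (Array.isArray(m.sourcesContent)
    ? m.sourcesContent.filter((c) => typeof c === 'string' && c.length > 0).length
    : 0), 0);
}

// Report every external .map file and every inline base64 map in JS files.
function findSourceMaps(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      findings.push({ path, kind: 'external', embedded: embeddedSourceCount(text) });
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE_MAP.exec(text);
      if (m) {
        const json = Buffer.from(m[1], 'base64').toString('utf8');
        findings.push({ path, kind: 'inline', embedded: embeddedSourceCount(json) });
      }
    }
  }
  return findings;
}
// Fail the release when any map carries original source text.
function releaseGate(files) {
  const leaks = findSourceMaps(files).filter((f) => f.embedded > 0);
  return { ok: leaks.length === 0, leaks };
}

// Constructed sample package contents (not taken from any real package).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64');
const samplePackage = {
  'package.json': '{"name":"example-cli","version":"0.0.0"}',
  'cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map',
  'cli.js.map': JSON.stringify({ version: 3, sources: ['../src/main.tsx', '../src/ui.tsx'],
    sourcesContent: ['export const a = 1;', 'export const b = 2;'], mappings: 'AAAA' }),
  'lib/util.js': 'exports.x=1;\n//# sourceMappingURL=data:application/json;base64,' +
    b64({ version: 3, sources: ['util.ts'], sourcesContent: [null], mappings: '' }),
};
```

A map with no `sourcesContent` passes this gate but still discloses the original file paths listed in `sources`, so `findSourceMaps` reports it for review.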

Impact on Anthropic and Competitive Landscape

The leak poses significant challenges for Anthropic, potentially damaging its image as a safety-focused AI company and exposing sensitive internal technology amid intensifying competition for enterprise customers. According to a Wall Street Journal report, the source code includes proprietary techniques and tools, referred to as a "harness," which competitors and startups could now copy without reverse-engineering. Claude Code has been gaining popularity among developers and played a key role in Anthropic's recent funding round valuing the company at $380 billion.

Global Developer Reactions and Python Rewrite

Chinese developers have been actively exploring the leaked code, with forums seeing millions of views on topics related to the incident. Meanwhile, a programmer used AI tools to rewrite Claude Code's instructions in Python, claiming it avoids copyright infringement as a full rewrite in a different language. This version remains available on platforms like GitHub, highlighting difficulties in protecting closed-source code in the AI era.


Historical Context and Future Implications

This incident is not isolated; a previous Fortune report mentioned a leak exposing nearly 3,000 files, including details on an upcoming model called "Mythos" or "Capybara." The Claude Code leak suggests Anthropic's roadmap includes features like Kairos for persistent memory and Undercover Mode for anonymous contributions. Despite Anthropic's efforts to remove the code via legal notices, it continues to circulate, underscoring vulnerabilities in AI development and deployment processes.