On March 31, Anthropic accidentally included a source map file in version 2.1.88 of the Claude Code npm package. That file gave anyone who downloaded it access to the full TypeScript codebase — nearly 2,000 files and over 512,000 lines of code. Within hours it was spreading across GitHub.
Anthropic confirmed it quickly. Human error. No customer data exposed.
Key Points
- Claude Code version 2.1.88 accidentally bundled a source map file exposing 512,000+ lines of TypeScript source code via npm
- Security researcher Chaofan Shou was first to flag it publicly — his post accumulated over 28 million views on X
- Anthropic filed DMCA takedowns affecting over 8,100 GitHub repositories, including legitimate forks of its own public repo — later acknowledged as unintentional
- The leaked codebase surpassed 84,000 GitHub stars — spin-off projects like OpenCode emerged from the exposure
- Anthropic confirmed no sensitive customer data or credentials were involved — described as a packaging error, not a security breach
How It Actually Happened
A source map, a debugging artifact that links minified JavaScript back to its original source, was accidentally bundled into a routine npm update. That file pointed to a zip archive on Anthropic's own cloud storage containing the complete Claude Code source. Anyone who downloaded the package update could follow that reference and reconstruct the full codebase.
Anthropic confirmed the incident directly: "No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach."
The version was pulled from npm quickly. The damage was already done.
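The failure mode above is a release-packaging check that never ran. The following is an added example (not Anthropic's code, and not from the package itself) of a pre-publish audit that scans the files about to ship for source maps and flags the two properties that turn a map into a leak: embedded `sourcesContent`, and `sources` or `sourceRoot` that resolve to a remote URL. The sample package contents, the `storage.example.invalid` URL and the `dist/` layout are constructed for the example.

```python
"""Pre-publish check: flag source maps inside an npm package that would leak source."""
import json
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample of a built package, not the real Claude Code files.
SAMPLE_PACKAGE = {
    "dist/cli.js.map": json.dumps({
        "version": 3,
        "sources": ["../src/cli.ts", "https://storage.example.invalid/build/src.zip"],
        "sourcesContent": ["export const main = () => {};"],
        "mappings": "AAAA",
    }).encode(),
    "dist/vendor.js.map": json.dumps({"version": 3, "sources": ["vendor.js"], "mappings": ""}).encode(),
}

def audit_source_maps(files):
    """Return one finding per *.map file in a {relative_path: bytes} mapping."""
    findings = []
    for path, data in sorted(files.items()):
        if not path.endswith(".map"):
            continue
        try:
            smap = json.loads(data)
        except ValueError:
            findings.append({"file": path, "severity": "warn", "reasons": ["unparseable source map"]})
            continue
        sources = smap.get("sources") or []
        reasons = []
        # sourcesContent carries the original source verbatim: the worst case.
        embedded = [c for c in smap.get("sourcesContent") or [] if c]
        if embedded:
            reasons.append(f"embeds original source for {len(embedded)} file(s)")
        # A map whose sources (or sourceRoot) resolve to a URL hands consumers a download location.
        remote = [s for s in sources + [smap.get("sourceRoot") or ""] if urlparse(s).scheme in ("http", "https")]
        if remote:
            reasons.append("points to remote source: " + ", ".join(remote))
        # Path-only references still expose the pre-build tree layout.
        if any(s.endswith((".ts", ".tsx")) for s in sources):
            reasons.append("references TypeScript originals outside the build output")
        findings.append({"file": path, "severity": "high" if reasons else "info", "reasons": reasons})
    return findings


def audit_package_dir(root):
    """Audit an unpacked tarball (e.g. the output of `npm pack`) on disk."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): p.read_bytes() for p in root.rglob("*") if p.is_file()}
    return audit_source_maps(files)
```

Run `audit_package_dir` against the extracted output of `npm pack` in CI and fail the release on any `high` finding; a map that only references local `.js` files is reported as `info` so the check does not block legitimate vendor maps.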
The DMCA Response Made Things Worse
Anthropic issued a takedown notice asking GitHub to remove repositories containing the leaked code. The notice was executed against some 8,100 repositories — including legitimate forks of Anthropic's own publicly released Claude Code repository.
Anthropic engineer Boris Cherny later acknowledged the notices hit legitimate forks unintentionally: "This was not intentional, we've been working with GitHub to fix it."
Getting a DMCA notice for forking a public repository — with no leaked code present — understandably frustrated a lot of developers.
What the Leaked Code Revealed
The source code provided a rare look at Anthropic's internal model roadmap. The leak confirms that Capybara is the internal codename for a Claude 4.6 variant, with Fennec mapping to Opus 4.6 and the unreleased Numbat still in testing.
The code also revealed "KAIROS" — mentioned over 150 times — representing an autonomous daemon mode allowing Claude Code to operate as an always-on background agent performing memory consolidation while users are idle.
A Separate Security Warning
Separately, users who installed or updated Claude Code via npm on March 31 between 00:21 and 03:49 UTC may have pulled a trojanized version of the axios HTTP client containing a remote access trojan. Affected users are advised to immediately downgrade axios to a known-safe version and rotate all secrets present on the affected machine.
That's a separate incident from the source leak — but the timing made an already bad day considerably worse.