Claude Code Leaks Half-Million Lines
On March 30–31, 2026, Anthropic published @anthropic-ai/claude-code version 2.1.88 to the public npm registry with a 59.8 MB JavaScript source map bundled inside. The .map file mapped the minified production code back to roughly 512,000–513,000 lines of unobfuscated TypeScript across approximately 1,906 files, effectively shipping a readable blueprint of the application alongside the application itself. Zscaler noted the scale of the exposure.
Security researcher Chaofan Shou, posting as @Fried_rice, publicly disclosed the leak on X on March 31, 2026, writing that Claude code source had been leaked via a map file in their npm registry. The post amassed more than 28 million views. Within hours, the leaked codebase had been mirrored on GitHub in reconstructed repositories that surpassed 84,000 stars and 82,000 forks; Cybernews described one as the fastest-growing repository in GitHub's history.
Analysts picking through the roughly 512,000 lines found approximately 44 feature flags for unreleased functionality. These included KAIROS, a persistent autonomous background agent; BUDDY, a Tamagotchi-style terminal pet offered in 18 species variants; and ULTRAPLAN, a remote Opus 4.6 planning session lasting up to 30 minutes, alongside Voice Mode, Bridge Mode, and Multi-Agent Coordinator Mode. Analysts also found an anti-distillation mode designed to inject fake tools to poison competitor model training, as well as client attestation via cryptographic billing headers.
Also present was a sentiment and frustration detector that relied on regex patterns matching strings such as wtf|ffs|shit, suggesting the coding assistant was prepared to gauge user irritation with lexical exactitude if not psychological nuance.
The root cause was a multi-factor packaging error. Bun issue #28001 tracks the bundler's behavior of generating source maps even when development: false is explicitly set. Anthropic compounded this by failing to exclude *.map in either .npmignore or the files field of package.json, and by running no CI check or manual review to catch a 59.8 MB cartographic artifact before publication. An AI coding tool built to manage repositories failed to audit its own.
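A pre-publish gate of the kind whose absence is described above, as an added example (not Anthropic's or Bun's code): it audits the file list that `npm pack --dry-run --json` reports for `.map` files and oversize artifacts. It goes slightly beyond the paragraph by also classifying `sourceMappingURL` references, since a map embedded inline in the bundle carries no `.map` extension. The script name `check-pack.js`, the `--stdin` switch, the size budget and the sample manifest are assumptions constructed for illustration.

```javascript
// Added example (not Anthropic's or Bun's code). Hypothetical file name: check-pack.js
// Input shape follows `npm pack --dry-run --json`: [{ name, files: [{ path, size }] }]
const MAX_FILE_BYTES = 20 * 1024 * 1024; // assumed per-file budget; tune per project

// Return one finding per packed file that should block the publish.
function auditPackManifest(packJson, maxBytes = MAX_FILE_BYTES) {
  const findings = [];
  for (const pkg of packJson) {
    for (const { path, size } of pkg.files) {
      if (/\.map$/i.test(path)) {
        findings.push({ pkg: pkg.name, path, size, reason: 'source-map' });
      } else if (size > maxBytes) {
        findings.push({ pkg: pkg.name, path, size, reason: 'oversize' });
      }
    }
  }
  return findings;
}

// An ignore rule for *.map does not catch maps embedded in the bundle itself.
// Returns 'inline' (data: URI), 'external' (points at a file) or null.
function sourceMapReference(jsText) {
  const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(jsText);
  if (!m) return null;
  return m[1].startsWith('data:') ? 'inline' : 'external';
}

// Constructed sample manifest; sizes are illustrative.
const SAMPLE = [{
  name: 'example-cli',
  files: [
    { path: 'package.json', size: 1200 },
    { path: 'cli.js', size: 9500000 },
    { path: 'cli.js.map', size: 59800000 },
  ],
}];

if (process.argv[2] === '--stdin') {
  // CI use: npm pack --dry-run --json | node check-pack.js --stdin
  let buf = '';
  process.stdin.on('data', (chunk) => { buf += chunk; });
  process.stdin.on('end', () => {
    const findings = auditPackManifest(JSON.parse(buf));
    for (const f of findings) console.error(`${f.reason}: ${f.path} (${f.size} bytes)`);
    process.exit(findings.length ? 1 : 0);
  });
} else {
  console.log(auditPackManifest(SAMPLE)); // demo run on the constructed sample
}
```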
Anthropic’s official statement framed the incident as "a release packaging issue caused by human error, not a security breach," adding that "no sensitive customer data or credentials were involved or exposed." The company then began issuing copyright takedown requests to suppress the mirrors, accidentally affecting roughly 8,100 repositories before retracting the scope to one repository and 96 forks. A firm that argues training AI on copyrighted material is fair use found its own intellectual property less eager to be freely distributed.
What the internet said
“Claude code source code has been leaked via a map file in their npm registry!”
“Claude Code creator Boris Cherny does exactly what a company should be doing, calm, open replies about today's leak. Confirming that this wasn't an issue with @bunjavascript and was a ... developer error. Not AI agent, developer.”
“The big loss for Anthropic here is how it reveals their product roadmap via feature flags. A big one is their unreleased 'assistant mode' with code name kairos.”
“How the hell is it 500k lines?”
“Thanks, I'll use this for teaching next week (on what not to do). BashTool.ts :D But, in general, I guess it just shows yet again that the emperor has no clothes.”
“I don't do business with people who lie to me.”
Where it stands
As of early April 2026, Anthropic maintains that no sensitive customer data or credentials were exposed, which addresses the narrowest version of the question. The mirrors, however, had already accumulated 84,000 stars and 82,000 forks, and the company's subsequent copyright takedown campaign—however brief—suggested that its commitment to freely available code lasts only until the code is its own. The bundler behavior that helped generate the leak is still documented in Bun issue #28001 for any publisher who wishes not to repeat the mistake.

