Reliability Incident 24 of 41

Claude Code Leaks Half-Million Lines

On March 30–31, 2026, Anthropic published @anthropic-ai/claude-code version 2.1.88 to the public npm registry with a 59.8 MB JavaScript source map bundled inside. The .map file mapped the minified production code back to roughly 512,000–513,000 lines of unobfuscated TypeScript across approximately 1,906 files, effectively shipping a readable blueprint of the application alongside the application itself. Zscaler noted the scale of the exposure.

Security researcher Chaofan Shou, posting as @Fried_rice, publicly disclosed the leak on X on March 31, 2026, writing that Claude code source had been leaked via a map file in their npm registry. The post amassed more than 28 million views. Within hours, the leaked codebase had been mirrored on GitHub in reconstructed repositories that surpassed 84,000 stars and 82,000 forks; Cybernews described one as the fastest-growing repository in GitHub's history.

Analysts picking through the roughly 512,000 lines found approximately 44 feature flags for unreleased functionality. These included KAIROS, a persistent autonomous background agent; BUDDY, a Tamagotchi-style terminal pet offered in 18 species variants; and ULTRAPLAN, a remote Opus 4.6 planning session lasting up to 30 minutes, alongside Voice Mode, Bridge Mode, and Multi-Agent Coordinator Mode. Analysts also found an anti-distillation mode designed to inject fake tools so as to poison competitor model training, and a client attestation mechanism based on cryptographic billing headers.

Also present was a sentiment and frustration detector that relied on regex patterns matching strings such as wtf|ffs|shit, suggesting the coding assistant was prepared to gauge user irritation with lexical exactitude if not psychological nuance.

The root cause was a multi-factor packaging error. Bun issue #28001 tracks the bundler's behavior of generating source maps even when development: false is explicitly set. Anthropic compounded this by failing to exclude *.map files, either through .npmignore or by restricting the files field of package.json, and by running no CI check or manual review that would catch a 59.8 MB cartographic artifact before publication. An AI coding tool built to manage repositories failed to audit its own.

Anthropic’s official statement framed the incident as "a release packaging issue caused by human error, not a security breach," adding that "no sensitive customer data or credentials were involved or exposed." The company then began issuing copyright takedown requests to suppress the mirrors, accidentally affecting roughly 8,100 repositories before retracting the scope to one repository and 96 forks. A firm that argues training AI on copyrighted material is fair use found its own intellectual property less eager to be freely distributed.

Where it stands

As of early April 2026, Anthropic maintains that no sensitive customer data or credentials were exposed, which addresses the narrowest version of the question. The mirrors, however, had already accumulated 84,000 stars and 82,000 forks, and the company's subsequent copyright takedown campaign—however brief—suggested that its commitment to freely available code lasts only until the code is its own. The bundler behavior that helped generate the leak is still documented in Bun issue #28001 for any publisher who wishes not to repeat the mistake.
