Summary of "Tragic mistake... Anthropic leaks Claude’s source code"

Key incident

On April 1, 2026 Anthropic accidentally published a 57 MB source‑map with the v2.1.88 release of the “Claude Code” package on npm, exposing roughly 500,000 lines of readable TypeScript. Security researcher Chiao Fan Sha discovered the leak within minutes; the code was widely mirrored before Anthropic’s DMCA takedowns could contain it.

Details:

Release: v2.1.88
Artifact: 57 MB source‑map (full readable TypeScript)
Scale: ~500,000 lines of code
Discovery: Chiao Fan Sha (within minutes)
Containment: widespread mirroring prior to DMCA takedowns

How the leak likely happened

Possible causes identified:

A packaged source map was accidentally shipped in an npm release.
Bun.js (recently acquired by Anthropic) serving source maps in production — a recent GitHub issue flagged this behavior.
Build misconfiguration or human error (or, less likely, an intentional act).

Bun.js was highlighted as a probable vector due to its recent acquisition and known issues around source‑map handling.

High‑level architecture and code quality

Claude Code is a complex TypeScript system rather than a single monolithic model. The community site “vibecoded” visualized an 11‑step input→output pipeline.
Heavy use of hard‑coded strings: many explicit guardrails, instructions, and “system prompt” material are baked into the codebase.
Large number of comments (more than typical); comments appear to be written to guide the model itself and are used as prompts in AI coding loops.
Standard libraries are used (e.g., Axios). This raises a potential risk vector because Axios was recently subject to a compromise that can deliver remote access Trojans.

Security and anti‑copy measures discovered

Anti‑distillation “poison pills”: deliberate fabrications of references to non‑existent tools intended to sabotage downstream models that train on Claude’s outputs.
“Undercover mode”: instructions to avoid mentioning the model in commit messages or outputs, likely to make AI outputs appear human and mask Claude’s use in public projects.
Regex‑based frustration detector: simple regular expression matching on prompts to detect user frustration and log events (not advanced sentiment analysis).
Numerous feature flags and internal names that reveal product roadmap and hidden capabilities — a significant leak for product secrecy and IP.

Notable functional discoveries

Bash tool: a large (~1,000+ lines) utility for parsing/executing bash commands reliably — likely critical for Claude when acting as a coding assistant.
External tools: Claude reportedly integrates ~25 external tools; the leak enumerated them, aiding competitors and distillers.
Background agent features: references to agents such as “Chyus” that keep daily journals, “dream mode” to consolidate memories, and scheduled background work.
Other surfaced feature/flag names: Buddy (Tamagotchi‑style companion), Opus 4.7, Capiara (possible new or teased model), ultra plan, coordinator mode, demon mode — exposing roadmap items and unreleased capabilities.

Community reaction and forks

The code was quickly mirrored and repurposed by the community.
Notable forks/projects:
- Claw Code — a fast‑growing GitHub repo created by converting the TypeScript code to Python using code‑generation tools.
- OpenClaw — adaptations running the code with alternative models.
- Fireship (YouTuber) and others mirrored/covered the leak and tools.
These forks accelerated public access to Claude’s internal logic despite DMCA takedowns.

Risks and implications

Intellectual property and roadmap exposure: leakage spoils secrecy and could impact Anthropic’s product and IPO plans.
Operational security risk: dependencies (e.g., Axios) could be exploited if servers or build environments were compromised.
Competitive risk: anti‑distillation techniques can be studied, analyzed, and potentially defeated; exposed guardrails turn a “black box” into a blueprint.
Cautionary reminder: private apps and internal artifacts can become public via a single npm publish error.

Notable resources and sources

Security researcher: Chiao Fan Sha (discovered the leak)
Community analyses: vibecoded (breaks down the 11‑step pipeline)
Forks / projects: Claw Code, OpenClaw
Media / coverage: Fireship (content creator), The Code Report (YouTube channel/narrator)
Primary actor: Anthropic (company and referenced internal artifacts)