๐Ÿ  Home โšก AI Tools ๐Ÿ›ก๏ธ VPN & Privacy โ‚ฟ Blockchain ๐Ÿ“ฑ Gadgets About Privacy Policy Contact
โ—‰ Live
๐Ÿ†• Google Gemma 4: Most capable free open-source AI โ—† ๐Ÿ“‰ Bitcoin drops on Liberation Day tariffs โ—† ๐Ÿค– Microsoft launches MAI-Transcribe-1 and MAI-Voice-1 โ—† ๐ŸŽ MacBook Air M5 and iPad Air M4 launched
Breaking: April 1-2, 2026

Anthropic Claude Code Source Code Leaked: 512,000 Lines Accidentally Published on npm, and What Developers Must Know

April 1-2, 2026 | VIP72 AI Desk | 10 min read | Verified: Bloomberg, VentureBeat, Hacker News | 28M X Views · 84K GitHub Stars
Verified: What Happened

On March 31, 2026, Anthropic accidentally shipped a source map (.map) file inside Claude Code npm package v2.1.88, exposing 512,000 lines of TypeScript source code. The X post announcing it got 28.8 million views. GitHub mirror: 84,000+ stars. Anthropic confirmed: "human error, not a security breach." No customer data exposed. A separate axios supply chain attack also occurred the same day; check whether you're affected.

This is one of the most significant accidental source code leaks in AI history. Anthropic, the company behind Claude, valued at $380 billion, accidentally included a JavaScript source map file inside its Claude Code CLI tool's npm package. Source maps are debugging artifacts that let tools reconstruct the original source code from minified output. In a public npm package, they expose everything to anyone who installs the package: architecture, internal logic, unreleased features, and trade secrets.

How It Happened: Technical Explanation

Anthropic published Claude Code version 2.1.88 to the npm registry on March 31, 2026. The package was minified, as expected for a closed-source tool, but the build pipeline also included a cli.js.map file: a 59.8 MB source map from which the original TypeScript source can be completely reconstructed. Security researcher Chaofan Shou (@Fried_rice on X) spotted it at 8:23 AM UTC on March 31 and posted publicly. Within hours, thousands of developers had downloaded, mirrored, and analyzed the code.

  • Package: @anthropic-ai/claude-code version 2.1.88
  • What leaked: ~2,000 TypeScript files, 512,000 lines of source code (59.8 MB .map file)
  • Discovery post views: 28.8 million on X
  • GitHub mirror: 84,000+ stars, 82,000+ forks before takedown requests
  • Anthropic response: Pulled the package; issued 8,000+ takedown requests (later narrowed to 96)
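The failure mode described above is a packaging check that can run before `npm publish`. The following is an added example, not Anthropic's code or the project's build pipeline: it flags source maps in a package's file list (assumed to come from `npm pack --dry-run --json`, the `files[].path` values) and reports what a given .map would reveal; the file list, the `readFile` callback and the sample map are constructed.

```javascript
// Added example, not Anthropic's code: pre-publish check for shipped source maps.
// Assumes the file list comes from `npm pack --dry-run --json` (files[].path);
// readFile is a hypothetical callback returning a file's text. Samples are constructed.

// Paths that would ship a source map: a .map file, or a .js file that embeds its
// map in a "sourceMappingURL=data:" comment.
function findShippedSourceMaps(files, readFile = () => "") {
  const hits = [];
  for (const path of files) {
    if (path.endsWith(".map")) {
      hits.push(path);
    } else if (path.endsWith(".js") && /\/\/[#@]\s*sourceMappingURL=data:/.test(readFile(path))) {
      hits.push(`${path} (inline map)`);
    }
  }
  return hits;
}

// What a source map exposes. "sources" alone leaks original file names and
// structure; "sourcesContent" embeds the complete original text, which is what
// turns a debugging artifact into a full source leak.
function inspectSourceMap(mapJson) {
  const map = JSON.parse(mapJson);
  const sources = map.sources || [];
  const embedded = (map.sourcesContent || []).filter((c) => typeof c === "string");
  const lines = embedded.reduce((n, c) => n + c.trimEnd().split("\n").length, 0);
  return {
    sourceFiles: sources.length,
    fullSourceEmbedded: embedded.length > 0,
    reconstructableLines: lines,
  };
}

// Constructed sample data standing in for a real package listing and cli.js.map.
const SAMPLE_FILES = ["package.json", "cli.js", "cli.js.map", "README.md"];
const SAMPLE_MAP = JSON.stringify({
  version: 3,
  file: "cli.js",
  sources: ["src/undercover.ts", "src/flags.ts"],
  sourcesContent: ["export const hidden = true;\n// internal\n", "export const FLAGS = [];\n"],
  mappings: "AAAA",
});

console.log(findShippedSourceMaps(SAMPLE_FILES)); // [ 'cli.js.map' ]
console.log(inspectSourceMap(SAMPLE_MAP));
// { sourceFiles: 2, fullSourceEmbedded: true, reconstructableLines: 3 }
```

Failing the publish step when `findShippedSourceMaps` returns anything, or listing only the intended files in package.json's `files` field, stops this class of mistake before the registry sees it.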

What the Leaked Code Revealed

Developers who analyzed the code found remarkable details about how Claude Code actually operates internally:

  • KAIROS background agent mode: Mentioned 150+ times. Allows Claude Code to run as an always-on daemon, handling tasks autonomously while the user is idle, consolidating memory via "autoDream," and sending push notifications. Not yet publicly shipped.
  • Internal model codenames: "Capybara" (Claude 4.6 variant), "Fennec" (Opus 4.6), "Numbat" (unreleased). Internal comments reveal a 29-30% false claims rate in Capybara v8.
  • Undercover mode (undercover.ts): Instructs Claude Code to never mention internal codenames, Slack channels, or "Claude Code" itself when working in non-internal repositories. AI-authored commits have no indication an AI wrote them.
  • Anti-distillation poisoning: Injects fake tool definitions into API responses if competitors attempt to scrape outputs to train their own models.
  • 44 feature flags: For fully built but unreleased features, including 20 unshipped capabilities.
  • 187 "spinner verbs": The phrases served while working through tasks, plus a regex filter detecting swear words in user prompts.

"The timing couldn't come at a worse time for Anthropic. Claude Code's run-rate revenue had reached $2.5 billion as of February. The source code exposure hands rivals a detailed map of design logic underlying a product they have been racing to replicate." - VentureBeat, April 1, 2026

The Separate Supply Chain Attack (Axios): Urgent

Separately from the source code leak, a concurrent supply chain attack compromised the axios npm package (a Claude Code dependency). Developers who updated Claude Code on March 31, 2026 between 00:21 and 03:29 UTC may have pulled a malicious version containing a Remote Access Trojan.

Check now if you're affected: Look in your package-lock.json or yarn.lock for axios versions 1.14.1 or 0.30.4, or the dependency plain-crypto-js. If found: immediately downgrade and rotate all credentials.
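The lockfile check above, as an added example that is not part of the original article or of the axios project: it parses a package-lock.json for the indicators named in the text (axios 1.14.1 or 0.30.4, and the plain-crypto-js dependency) and handles both lockfileVersion 1 (nested "dependencies") and lockfileVersion 2/3 (flat "packages" map). The sample lockfile, including the plain-crypto-js version number, is constructed.

```javascript
// Added example, not from the article or the axios project: scan package-lock.json
// for the compromised axios releases and the plain-crypto-js dependency.
// Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").

const BAD_AXIOS_VERSIONS = new Set(["1.14.1", "0.30.4"]);
const BAD_PACKAGE_NAMES = new Set(["plain-crypto-js"]);

function checkPackageLock(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  const check = (name, version, where) => {
    if (name === "axios" && BAD_AXIOS_VERSIONS.has(version)) {
      findings.push(`${where}: axios@${version} is a compromised release`);
    }
    if (BAD_PACKAGE_NAMES.has(name)) {
      findings.push(`${where}: ${name}@${version} is pulled in by the malicious axios`);
    }
  };

  if (lock.packages) {
    // v2/v3: keys are install paths such as "node_modules/axios" or
    // "node_modules/foo/node_modules/axios"; "" is the root project itself.
    const marker = "node_modules/";
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (!path) continue;
      check(path.slice(path.lastIndexOf(marker) + marker.length), entry.version, path);
    }
  } else {
    // v1: a tree of "dependencies" objects, each with its own nested deps.
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry.version, prefix + name);
        walk(entry.dependencies, `${prefix}${name} > `);
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}

// Constructed sample: a lockfileVersion 3 project that pulled the bad release.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "1.0.0" },
    "node_modules/lodash": { version: "4.17.21" },
  },
});

for (const f of checkPackageLock(SAMPLE_LOCK)) console.log("AFFECTED:", f);
// Real use: checkPackageLock(require("fs").readFileSync("package-lock.json", "utf8"))
```

A yarn.lock can be checked the same way by searching each entry block's `version "..."` line; any finding means the machine that ran the install should be treated as compromised, not just the project.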

What This Means For You

  • Individual developers: No immediate security risk from the source code leak itself. The axios supply chain attack is the actionable concern.
  • Enterprise Claude Code users: Audit any Claude Code activity from March 31. No API keys or customer data were in the source code leak.
  • Competitors (OpenAI, Google): Now have architectural details of one of the most commercially successful AI coding tools.
  • Security researchers: The leaked architecture reveals the exact orchestration logic โ€” enabling more targeted attack research.

Anthropic confirmed: "No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again."

VIP72 AI Desk
AI & Technology News Team
VIP72's AI news team monitors breaking developments from Anthropic, OpenAI, Google DeepMind, and the broader AI industry. All reports are verified against primary sources before publication.

Frequently Asked Questions

Questions developers are asking about the Claude Code leak

Anthropic confirmed that no customer data or credentials were exposed in the source code leak. The leaked file was source code (how the tool is built), not user data. The exception: if you updated Claude Code via npm on March 31, 2026 between 00:21 and 03:29 UTC, check for the compromised axios package (versions 1.14.1 or 0.30.4), which could have installed a Remote Access Trojan on your system.
A source map is a debugging file generated by JavaScript/TypeScript build tools that maps minified (compressed) code back to the original readable source. When accidentally shipped in a public npm package, anyone who downloads that package can reconstruct 512,000 lines of Anthropic's proprietary source code, including architecture, unreleased features, and trade secrets, with no hacking required. It's equivalent to accidentally publishing your company's entire private GitHub repository.
KAIROS (from the Ancient Greek word meaning "the right time") is an unreleased Claude Code feature enabling an autonomous daemon mode: Claude Code running persistently in the background without waiting for user interaction. In this mode it performs "autoDream" memory consolidation (merging observations, removing contradictions, converting vague insights into concrete facts) while the user is idle, and sends push notifications about completed tasks. It represents a shift from reactive AI coding assistance to proactive background AI agents.
The leak itself doesn't make Claude Code less useful or secure for everyday development. No user data was exposed. The supply chain attack only affects users who updated in a specific 3-hour window on March 31. The bigger question is competitive: now that rivals have Claude Code's architectural blueprint, tools like GitHub Copilot, Cursor, and OpenAI Codex may close the feature gap faster. If you prefer alternatives, Cursor and GitHub Copilot remain strong choices.
