claude-code-leak-complete-guide
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Complete documentation and technical analysis of the Claude Code source code leak - 512,000+ lines exposed via npm source map. Everything you need to know about this historic AI industry incident.
Claude Code Source Code Leak
Complete Guide & Documentation
What Happened?
On March 31, 2026, Anthropic accidentally leaked the entire source code of their popular AI coding assistant Claude Code through their npm registry. The leak occurred when a 59.8 MB source map file (.map) was inadvertently included in version 2.1.88 of the @anthropic/claude-code npm package.
BREAKING: The entire proprietary source code of one of the most popular AI coding assistants has been exposed to the public.
Table of Contents
- What Happened?
- The Technical Details
- Repository Contents
- Leaked Source Code
- Clean Room Rust Implementation
- Key Discoveries
- Timeline of Events
- Security Implications
- Frequently Asked Questions
- Resources & References
What Happened?
On March 31, 2026, Anthropic accidentally leaked the entire source code of their popular AI coding assistant Claude Code through their npm registry. The leak occurred when a 59.8 MB source map file (.map) was inadvertently included in version 2.1.88 of the @anthropic/claude-code npm package.
This incident exposed approximately 512,000+ lines of TypeScript source code, revealing internal architectures, secret features, system prompts, and development tools that Anthropic had never intended to make public.
BREAKING: The entire proprietary source code of one of the most popular AI coding assistants has been exposed to the public.
The Technical Details
How Source Maps Work
Source maps are debugging artifacts generated during the build process. They create a mapping between:
Minified Production Code <-> Original Source Code
Why This Leak Happened
The source map file contained a critical field called sourcesContent - an array that embeds the entire original source code of each file as plain text strings within a JSON structure:
{
"version": 3,
"file": "bundle.js",
"sources": ["../src/main.ts", "../src/tools/..."],
"sourcesContent": [
"// All your original TypeScript code here",
"// Every file, comment, and constant",
"// Exposed in plain text"
],
"mappings": "AAAA,SAAS,OAAO,CAAC,..."
}
What Anthropic Missed
- No
.npmignorefile to exclude source maps - No
filesfield inpackage.jsonto whitelist allowed files - Source maps in production builds (should only be in development)
Repository Contents
This repository contains 248 files of source code and documentation:
| Directory | Description | Files |
|---|---|---|
leaked-source/ |
Original TypeScript source code from the leak | 87+ files |
clean-room-rust/spec/ |
Behavioral specifications from code analysis | 15 files |
clean-room-rust/src-rust/ |
Rust implementation of Claude Code behavior | 100+ files |
assets/ |
Visual assets and banners | 2 files |
| Root | Documentation (README, LICENSE, etc.) | 6 files |
Leaked Source Code
Directory Structure
leaked-source/
├── assistant/
│ └── sessionHistory.ts # Session management
├── bridge/
│ ├── bridgeApi.ts # IDE Bridge API
│ ├── bridgeConfig.ts # Bridge configuration
│ ├── bridgeDebug.ts # Debug utilities
│ ├── bridgeEnabled.ts # Enable/disable bridge
│ ├── bridgeMain.ts # Main bridge logic
│ ├── bridgeMessaging.ts # Message handling
│ ├── bridgePermissionCallbacks.ts
│ ├── bridgePointer.ts
│ ├── bridgeStatusUtil.ts # Status utilities
│ ├── bridgeUI.ts # UI components
│ ├── capacityWake.ts
│ ├── codeSessionApi.ts # Code session API
│ ├── createSession.ts # Session creation
│ ├── debugUtils.ts # Debug utilities
│ ├── envLessBridgeConfig.ts
│ ├── flushGate.ts
│ ├── inboundAttachments.ts
│ ├── inboundMessages.ts
│ ├── initReplBridge.ts # REPL bridge initialization
│ ├── jwtUtils.ts # JWT utilities
│ ├── pollConfig.ts
│ ├── pollConfigDefaults.ts
│ ├── remoteBridgeCore.ts # Remote bridge core
│ ├── replBridge.ts # REPL bridge
│ ├── replBridgeHandle.ts
│ ├── replBridgeTransport.ts
│ ├── sessionIdCompat.ts
│ ├── sessionRunner.ts
│ ├── trustedDevice.ts
│ ├── types.ts # Type definitions
│ └── workSecret.ts
├── buddy/ # Pet/Companion System
│ ├── CompanionSprite.tsx # Sprite component
│ ├── companion.ts # Companion logic
│ ├── prompt.ts # Companion prompts
│ ├── sprites.ts # Sprite definitions
│ ├── types.ts # Companion types
│ └── useBuddyNotification.tsx
├── cli/
│ ├── exit.ts # Exit handling
│ ├── handlers/
│ │ ├── agents.ts # Agent handlers
│ │ ├── auth.ts # Authentication
│ │ ├── autoMode.ts # Auto mode
│ │ ├── mcp.tsx # MCP handlers
│ │ ├── plugins.ts # Plugin system
│ │ └── util.tsx # Utilities
│ ├── ndjsonSafeStringify.ts
│ ├── print.ts # Print utilities
│ ├── remoteIO.ts # Remote I/O
│ ├── structuredIO.ts # Structured I/O
│ └── transports/
│ └── HybridTransport.ts # Hybrid transport
└── [More files in cli/ directory]
Key Files Overview
assistant/sessionHistory.ts
- Session history management
- Stores conversation context
bridge/ - IDE Bridge System
- Purpose: Bidirectional communication between IDE and CLI
- Features: VS Code extension, JetBrains plugin support
- Security: JWT-authenticated channels
buddy/ - The Pet System
- Virtual companion with mood tracking
- Hunger, happiness, energy metrics
- ASCII sprite-based UI
cli/ - Command Line Interface
- Main CLI entry points
- Handler system for different commands
- Transport layer for communication
Clean Room Rust Implementation
Overview
A Rust-based clean-room rewrite based on behavioral analysis of the leaked code.
Directory Structure
clean-room-rust/
├── spec/ # Behavioral Specifications
│ ├── 00_overview.md # System overview
│ ├── 01_core_entry_query.md # Core query handling
│ ├── 02_commands.md # Command system
│ ├── 03_tools.md # Tool definitions
│ ├── 04_components_core_messages.md
│ ├── 05_components_agents_permissions_design.md
│ ├── 06_services_context_state.md
│ ├── 07_hooks.md # Hook system
│ ├── 08_ink_terminal.md # Terminal UI
│ ├── 09_bridge_cli_remote.md # Bridge system
│ ├── 10_utils.md # Utilities
│ ├── 11_special_systems.md # Special features
│ ├── 12_constants_types.md # Constants & types
│ ├── 13_rust_codebase.md # Rust implementation
│ └── INDEX.md # Specification index
│
└── src-rust/
└── crates/
├── api/ # API definitions
├── bridge/ # Bridge implementation
├── buddy/ # Pet system
├── cli/ # CLI entry point
├── commands/ # Command handlers
├── core/ # Core functionality
│ ├── analytics.rs
│ ├── attachments.rs
│ ├── auto_mode.rs
│ ├── bash_classifier.rs
│ ├── claudemd.rs
│ ├── cloud_session.rs
│ └── crypto_utils.rs
└── [More modules]
Key Discoveries
The "Pet" System (Tamagotchi-Style)
One of the most surprising discoveries was a complete virtual pet system:
interface PetState {
name: string;
species: 'cat' | 'dog' | 'custom';
hunger: number; // 0-100
happiness: number; // 0-100
energy: number; // 0-100
mood: 'happy' | 'neutral' | 'sad' | 'excited';
}
IDE Bridge System
Real-time bidirectional communication system:
- VS Code extension integration
- JetBrains plugin support
- JWT authentication
Multi-Agent Architecture
Revealed a multi-agent orchestration system that had been quietly developing since August 2024.
Timeline of Events
| Time | Event |
|---|---|
| March 31, 2026 09:00 UTC | Version 2.1.88 published to npm |
| March 31, 2026 13:00 UTC | Chaofan Shou discovers the leak |
| March 31, 2026 13:30 UTC | News spreads on Twitter/X |
| March 31, 2026 14:00 UTC | GitHub repositories created |
| March 31, 2026 15:00 UTC | Claw-code reaches 100K stars |
| March 31, 2026 18:00 UTC | Anthropic confirms the leak |
| March 31, 2026 20:00 UTC | Compromised npm version removed |
Security Implications
What's NOT Affected
| Concern | Status |
|---|---|
| Customer Data | Safe - No customer data in source |
| API Keys | Safe - No production keys exposed |
| Model Weights | Safe - AI models not in source |
| User Conversations | Safe - Not stored in source |
What's Affected
| Concern | Impact |
|---|---|
| Intellectual Property | Competitors now have blueprint |
| Unreleased Features | Future product differentiation |
| Internal Processes | Development methodology exposed |
| Security Practices | Internal tooling revealed |
Frequently Asked Questions
Q: Is the source code still available?
A: Yes! This repository contains the original leaked TypeScript source code.
Q: Can I use this code commercially?
A: No. The code is copyrighted by Anthropic. Using it commercially would likely constitute copyright infringement.
Q: What's in the Rust implementation?
A: A clean-room rewrite inspired by the behavioral analysis of the leaked code.
Q: What makes this significant?
A: One of the most significant tech leaks in AI history, giving unprecedented access to how a leading AI company builds products.
Resources & References
News Coverage
Contributing
Contributions welcome! Help document this historic leak.
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
License
This documentation is for educational purposes. The original Claude Code source code is property of Anthropic, PBC.
Star this repository!
Help others discover this historic leak documentation.
Last updated: April 2, 2026 | Maintained by the community
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found