Anthropic Accidentally Ships Claude Code's Entire Source Code
A misconfigured npm package exposes 512,000 lines of Claude Code's TypeScript source, revealing feature flags, system prompts, and a hidden Tamagotchi pet.
Anthropic's second security embarrassment in under a week landed on March 31, when version 2.1.88 of the Claude Code npm package shipped 60MB heavier than usual. The reason: a source map file that mapped the minified production code back to the original, readable TypeScript — all 512,000 lines of it, across roughly 1,900 files.
What Happened
Security researcher Chaofan Shou spotted the .map file first and posted an archive on X. Within hours, the code was mirrored to GitHub repositories that racked up 50,000+ forks and 30,000 stars before any takedown could happen. Anthropic pulled the package, but the internet had already done its thing.
The cause was mundane — a misconfigured .npmignore or package.json files field, the kind of build mistake that bites npm publishers regularly. Anthropic called it "a release packaging issue caused by human error, not a security breach." No customer data or credentials were exposed.
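As an added example (not Anthropic's code and not part of the original article), here is a pre-publish check for the packaging mistake described above: it scans the file list a package would ship and flags source maps, including ones that embed the original sources. The input shape is assumed to match the `files` array from `npm pack --dry-run --json`; `auditPackFiles`, the reader callback, and the sample files are constructed for illustration.

```javascript
// Added example: audit the files a package would publish for source maps.
// Assumed input shape: the `files` array from `npm pack --dry-run --json`.
// File contents come from a caller-supplied reader so this runs offline.
const MAP_URL = /\/[/*]#\s*sourceMappingURL=(\S+)/;

function auditPackFiles(files, readText) {
  const findings = [];
  for (const { path, size } of files) {
    if (path.endsWith('.map')) {
      let embeds = false;
      let sources = 0;
      try {
        const map = JSON.parse(readText(path));
        sources = Array.isArray(map.sources) ? map.sources.length : 0;
        // sourcesContent carries the original, readable files verbatim.
        embeds = Array.isArray(map.sourcesContent) &&
          map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      } catch {
        // Unparseable .map: still reported, it does not belong in the tarball.
      }
      findings.push({ path, size, kind: embeds ? 'map-with-sources' : 'map', sources });
    } else if (/\.(c|m)?js$/.test(path)) {
      // A map can also be inlined into the bundle as a data: URI.
      const m = MAP_URL.exec(readText(path));
      if (m && m[1].startsWith('data:')) {
        findings.push({ path, size, kind: 'inline-map', sources: 0 });
      }
    }
  }
  return findings;
}

// Constructed sample standing in for a real pack listing.
const sampleContents = {
  'cli.js': 'console.log(1);\n//# sourceMappingURL=cli.js.map\n',
  'cli.js.map': JSON.stringify({
    version: 3, sources: ['src/main.ts'],
    sourcesContent: ['export const x = 1;'], mappings: '',
  }),
  'vendor.js': 'var a;\n//# sourceMappingURL=data:application/json;base64,e30=\n',
  'package.json': '{}',
};
const sampleFiles = Object.keys(sampleContents)
  .map((path) => ({ path, size: sampleContents[path].length }));

for (const f of auditPackFiles(sampleFiles, (p) => sampleContents[p])) {
  console.log(`${f.kind}\t${f.size}\t${f.path}`);
}
```

A release pipeline can fail the publish step whenever the returned array is non-empty, which catches the problem regardless of whether the ignore rules or the `files` field were the part that was wrong.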
This came days after Anthropic accidentally revealed details about its upcoming Mythos model through an unsecured data store, making the timing particularly awkward.
What the Code Reveals
The leak confirmed that Claude Code is a serious production codebase, not a thin API wrapper. Developers found roughly 40,000 lines for the tool/plugin system, 46,000 for the query engine, and a sophisticated memory architecture with "background memory rewriting" and multi-step validation.
The fun stuff: 44 feature flags hiding unreleased functionality, including "KAIROS" — an always-on background agent — and a Tamagotchi-style virtual pet that "sits beside your input box and reacts to your coding." References to the upcoming "Capybara/Mythos" model appeared in the code, confirming it will ship in fast and slow variants with a larger context window.
The less fun stuff: the code reveals internal system prompts, permission models, and guardrail logic — essentially a roadmap for anyone looking to understand or circumvent Claude Code's safety measures. The dependency on axios, which had recently suffered a supply chain compromise, raised additional concerns.
Why This Matters
One developer's comment buried in the code captured the mood: "memoization here increases complexity by a lot, and im not sure it really improves performance." Honest engineering notes are charming when they stay internal; less so when 50,000 people fork them.
The real concern isn't embarrassment — it's that competitors now have detailed architectural insights, and bad actors have a blueprint for the guardrails. Full-stack developer Justin Schroeder warned the community: "Just because the source is now 'available' does NOT mean it is open source. You are violating a license if you copy or redistribute the source code."
Anthropic says it's rolling out measures to prevent repeat incidents. Given the Mythos leak and now this, those measures can't come soon enough.


