Home/tools/Anthropic Accidental Release Exposes Core Source Code of Claude Code
A detailed pencil sketch of a cardboard shipping package split open on a dark wooden table, with glowing abstract lines of code spilling out from the tear. No text, no logos.
ToolsPublished 18 July 20263 min read

Anthropic Accidental Release Exposes Core Source Code of Claude Code

Anthropic has accidentally exposed the complete source code for its terminal-based AI coding assistant, Claude Code, on a public software registry.

The leak occurred when a 59.8 megabyte JavaScript source map file was inadvertently included in version 2.1.88 of the @anthropic-ai/claude-code package on npm.

Security researcher Chaofan Shou, an intern at Solayer Labs, discovered the file and shared the news on social media early in the morning on March 31, 2026.

Because the Bun build tool generates source maps by default, a simple configuration oversight left the decoder file publicly accessible.

The mistake exposed approximately 512,000 lines of unobfuscated TypeScript code across 1,906 files.

Within hours, developers mirrored the codebase on GitHub, where some repositories quickly generated tens of thousands of stars and forks before Anthropic began issuing copyright takedown notices.

Security researchers at Zscaler ThreatLabz have already warned that threat actors are exploiting the situation by distributing Vidar and GhostSocks malware under the guise of leaked Claude Code downloads.

They advise organizations to avoid downloading or running any unofficial repositories claiming to contain the leaked assets.

A High-Stakes Slip in a Massive Revenue Week

This incident marks the second major leak for Anthropic in a five-day period, following a March 26 content management system error that exposed details of an unreleased model called Claude Mythos.

For a company that prides itself on safety and careful deployment, the double exposure comes at a highly sensitive commercial moment.

Anthropic currently operates at a 19 billion dollar annualized revenue run-rate, with Claude Code alone generating 2.5 billion dollars in annualized recurring revenue.

Enterprise customers make up 80 percent of Claude Code's revenue, making the exposure of its core intellectual property a potential boon for competitors like Cursor.

Anthropic confirmed the leak was caused by a human packaging error rather than a security breach.

A company spokesperson stated that no sensitive customer data or credentials were compromised and that new measures are being deployed to prevent future packaging errors.

Undercover Systems and Hidden Features Revealed

The leaked files have given the public an unprecedented look at how Anthropic manages context and memory within its AI agents.

The code reveals a three-layer memory architecture designed to solve context entropy, which is the tendency of AI agents to hallucinate during long sessions.

Ironically, the codebase contains a hidden subsystem called Undercover Mode.

This feature was specifically built to prevent internal code names and system details from leaking into public repositories by directing the AI to hide its identity in commit messages.

The leak also revealed unreleased features currently in development, including tools named Buddy, Away Summary, and an Auto Dream memory function.

Additionally, the code outlines the agentic loop, which automatically gathers context like Git status, branch details, recent commits, and working tree status before calling the AI model.

However, the leak also highlights potential security concerns regarding how Claude Code handles local environment variables.

Analysis shows the tool automatically and silently loads secrets from local dot-env and dot-env-local files into memory without warning users or documenting the behavior.

If given permission to run commands, the agent could inadvertently expose these loaded API keys, proxy credentials, or passwords.

This silent loading pattern mirrors broader industry concerns about how modern AI coding assistants handle sensitive developer secrets.

Whether Anthropic can maintain its hard-won reputation as the industry's most cautious player will depend on how quickly it can patch both its build pipelines and the trust of its enterprise clients.
#tools#ai#blended#auto

This digest was compiled from:

Share this digest

Share on XWhatsAppLinkedInTelegram

People Also Ask

Share your thoughts

Reactions, corrections, or insights — all welcome.

0/2000