Claude Code Source Code Exposed: What Happened and What It Revealed

Curated by Matt Perry

CTO

5 April 2026

What Happened

On 31 March 2026, security researcher Chaofan Shou found that Anthropic's Claude Code CLI tool had its full source code exposed. The cause was a misconfigured npm package. This was not a hack or a security breach. It was a packaging error.

A .map sourcemap file was shipped with the production build by mistake. Sourcemap files are standard debugging tools used during development. They map minified (compressed) production code back to the original, readable source. When you accidentally include one in a published package, it reveals your entire codebase.

As software engineer Gabriel Anhaia noted, "A single misconfigured .npmignore or files field in package.json can expose everything."

The sourcemap file pointed to an unobfuscated TypeScript source. That source led to a zip archive on Anthropic's Cloudflare R2 storage bucket containing the full codebase.

How It Spread

Once found, the exposed code was quickly backed up to GitHub. The most notable backup, hosted by a user called Kuberwastaken, was forked more than 41,500 times. The original uploader later replaced the content with a Python port, citing liability concerns. Despite this, many mirrors stayed available across GitHub.

The incident drew major attention on Reddit's r/ClaudeAI community. It was also covered by The Register and VentureBeat.

What the Code Revealed

The exposed archive held roughly 1,900 TypeScript files totalling over 512,000 lines of code. It gave a detailed look at how a production AI coding agent is built.

Architecture: Claude Code uses a 785KB main.tsx entry point with a custom React terminal renderer. The tool has over 40 built-in tools, a permission-based access control system, and multi-agent orchestration (the ability to coordinate several AI agents working together).

Unreleased features: The code contained several features hidden behind compile-time flags. These had not been publicly announced. They included a persistent assistant mode, remote planning sessions with extended thinking time, and a background memory system that processes session logs into lasting memories.

Permission system: The source showed a machine learning-based auto-approval classifier for tool permissions. This sits alongside the manual permission controls that users see and interact with.

Prompt caching: The code revealed how Claude Code caches prompts using static versus dynamic boundary markers. This technique cuts API costs and reduces wait times.

Anthropic's Response

Anthropic responded quickly. It confirmed the incident was "a release packaging issue caused by human error, not a security breach." The company said no customer data or credentials were exposed. It was "rolling out measures to prevent this from happening again."

Before this incident, the community had already partly reverse-engineered Claude Code's internals. Dedicated websites tracked exposed features and system prompts. But the full source code gave a far more complete picture than any previous effort.

What This Means for AI Development Tools

The incident highlights a few important points for the AI industry.

Build configuration matters. Even top AI companies can be caught out by basic packaging mistakes. The .npmignore and files fields in package.json control what gets published to npm. Automated checks in CI/CD pipelines (the automated steps that test and deploy code) can catch these issues before they go live.

AI agent architecture is maturing. The codebase showed a well-structured, production-grade AI agent. It had advanced tool management, permission systems, and memory features. This gives the wider developer community a reference point for building complex AI coding tools at scale.

Openness has value. While accidental, the exposure gave developers and researchers a look at how AI coding assistants work under the hood. Several commentators noted that the patterns around tool orchestration and permission management could help the broader open-source AI tooling community.

Key Takeaway

This was a routine packaging error with outsized results. No customer data was compromised. The exposed code showed a thoughtfully built product. For development teams working with npm packages, it is a timely reminder. Audit your build settings. Make sure sourcemaps and other development files are excluded from production releases.

Protect Your AI Systems

Incidents like this highlight why AI security and production readiness matter. If you are building with AI tools or deploying AI agents in your business, our team can help you do it safely.

• AI Engineering — we build secure, production-grade AI systems for UK businesses
• AI Production Systems — get your AI tools production-ready with proper security, monitoring and testing
• AI Desktop Agents — how to deploy AI agents that control your computer safely
• Book a free intro call — we will walk you through what is achievable for your budget

Sources

This article was compiled from the following sources:

• The Register - Anthropic Claude Code Source Code
• VentureBeat - Claude Code's Source Code Appears to Have Leaked
• GitHub - Kuberwastaken/claude-code Repository

More in AI Industry Trends

View all

6 Apr 2026

WhatsApp Is Becoming a Sales Funnel: What Meta's Strategic Shift Means for Your Business

28 Mar 2026

6 AI Automation Agencies in Manchester Businesses Should Consider

27 Mar 2026

10 AI Automation Agencies in the UK Worth Considering (2026)