What Happened
Anthropic accidentally published the complete TypeScript source code of Claude Code through its npm package on March 31, 2026. A 59.8MB source map file (cli.js.map) was included in version 2.1.88, allowing anyone to reconstruct the full codebase—over 512,000 lines of code across 1,900 files. Security researcher Chaofan Shou discovered the exposure. This marks the second such incident in under 14 months; a similar leak occurred in February 2025.
What Was Exposed
The leaked code reveals far more than the active Claude Code product. Researchers identified at least 20 unreleased features hidden in the codebase, including:
- Buddy System: A Tamagotchi-style virtual pet companion with 18 species, rarity levels, shiny variants, and ASCII art rendering
- Undercover Mode: Automatically strips AI-generated content from commits for Anthropic employees in public repositories
- Kairos: An unreleased autonomous daemon for 24/7 background tasks with GitHub webhook integration
- Coordinator Mode: Schedules parallel subordinate agents for complex workflows
- Full voice CLI and persistent memory: Capabilities not yet available in the public product
The source map also exposed internal system prompts, 44 feature flags, and security mechanisms including sandboxing configurations and trust validation logic.
What's Not at Risk
Anthropic's core AI models—Claude's model weights and training data—were not exposed. API keys, user data, and cloud infrastructure remain secure. The leak is limited to the product/application layer: the CLI tooling, prompts, and workflow orchestration code.
Why This Matters
Source maps are debugging aids that map bundled output back to the original source, and they should never reach production. Their inclusion enabled reconstruction of Anthropic's entire CLI implementation, lowering barriers for vulnerability research and reverse-engineering. Security analysts note this exposes the technical details behind Claude Code's agentic capabilities, which are exactly the components that control file access, command execution, and sandboxing.
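A publisher-side check for the failure described above, as an added example that is not from Anthropic or the original article: it scans the files of a package about to be published for source maps and reports whether they embed original source. The `{ path, data }` input shape, the severity labels and the sample package are assumptions constructed for illustration.

```javascript
// Added example (not Anthropic's tooling): audit a package's file list for source maps.
// `files` is an array of { path, data } with each file's text; that shape is an assumption.
const MAP_REF = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/m;
const INLINE = /^data:application\/json[^,]*;base64,(.+)$/;

function inspectMap(path, json) {
  let map;
  try { map = JSON.parse(json); } catch { return { path, severity: "review", reason: "unparseable map" }; }
  // Index maps nest ordinary maps under sections[].map; handle both shapes.
  const parts = Array.isArray(map.sections) ? map.sections.map((s) => s.map || {}) : [map];
  let sources = 0, embedded = 0, bytes = 0;
  for (const m of parts) {
    sources += (m.sources || []).length;
    for (const text of m.sourcesContent || []) {
      if (typeof text === "string") { embedded++; bytes += Buffer.byteLength(text, "utf8"); }
    }
  }
  // Embedded sourcesContent is the original code verbatim; paths alone still reveal layout.
  const severity = embedded > 0 ? "high" : sources > 0 ? "medium" : "low";
  return { path, severity, sources, embedded, bytes };
}

function auditPackage(files) {
  const findings = [];
  for (const { path, data } of files) {
    if (path.endsWith(".map")) { findings.push(inspectMap(path, data)); continue; }
    if (!/\.[cm]?js$/.test(path)) continue;
    const ref = MAP_REF.exec(data);
    if (!ref) continue;
    const inline = INLINE.exec(ref[1]);
    if (inline) {
      findings.push(inspectMap(path + " (inline map)", Buffer.from(inline[1], "base64").toString("utf8")));
    } else {
      findings.push({ path, severity: "low", reason: "references " + ref[1] });
    }
  }
  return { findings, pass: findings.every((f) => f.severity === "low") };
}

// Constructed sample package: one external map with embedded source, one inline map without.
const inlineMap = Buffer.from(JSON.stringify({ version: 3, sources: ["src/b.ts"], mappings: "" })).toString("base64");
const samplePackage = [
  { path: "package.json", data: '{"name":"demo-cli","version":"0.0.0"}' },
  { path: "cli.js", data: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "cli.js.map", data: JSON.stringify({ version: 3, sources: ["src/a.ts"],
      sourcesContent: ["export const a: number = 1;\n"], mappings: "AAAA" }) },
  { path: "lib.js", data: "//# sourceMappingURL=data:application/json;charset=utf-8;base64," + inlineMap },
];
console.log(auditPackage(samplePackage));
```

In a release pipeline the file list would come from the packed tarball rather than the working tree, so the check sees exactly what a registry would serve.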
The rapid spread to GitHub mirrors means the code is now archived across multiple repositories. Developers using npm should audit installations between approximately 12:21 UTC on March 31 for any anomalous behavior.