What happened with the Claude Code source code leak?

On March 31, 2026, a 59.8MB source map file was accidentally included in @anthropic-ai/claude-code v2.1.88 on npm, exposing 1,900 TypeScript files and 512,000 lines of proprietary source code. Discovered by security researcher Chaofan Shou (@Fried_rice), the codebase was mirrored across GitHub within hours.

What is KAIROS in Claude Code?

KAIROS is an unreleased autonomous daemon mode found in the leaked source, mentioned over 150 times. It allows Claude Code to operate as an always-on background agent that continues working when the user is idle — consolidating memory, resolving contradictions, and sharpening insights into reliable facts.

What is Claude Code Undercover Mode?

Undercover Mode is a feature discovered in the leak that directs Claude Code to scrub all traces of AI origins from git commit messages when contributing to public open-source repositories. The system prompt explicitly warns: 'You are operating UNDERCOVER... MUST NOT contain ANY Anthropic-internal information.'

How many GitHub stars did the Claude Code leak repos get?

The main mirror repo instructkr/claw-code became the fastest GitHub repo ever to surpass 30K stars, reaching ~46K stars and ~55K forks within hours. Additional mirrors by Kuberwastaken (~2.3K stars) and nirholas (~781 stars) also gained significant traction.

What internal model codenames were revealed in the Claude Code leak?

The leak confirmed that Claude 4.6's internal codename is Capybara, Opus 4.6 is Fennec, and an unreleased model called Numbat is still in testing.

What is BUDDY in Claude Code?

BUDDY is a Tamagotchi-style AI virtual pet system found in the leaked code, featuring 18 species (duck, dragon, axolotl, capybara, mushroom, ghost), rarity tiers from common to 1% legendary, and five stats: DEBUGGING, PATIENCE, CHAOS, WISDOM, SNARK. Likely planned as an April Fools easter egg.

How did the Claude Code source code leak happen technically?

Bun's bundler, which Claude Code uses, generates source maps by default unless explicitly disabled. A .map file was included in the npm package that referenced a zip archive on Anthropic's Cloudflare R2 storage bucket, making the entire unminified TypeScript source downloadable.

Was this Anthropic's only leak in 2026?

No. This was Anthropic's second leak in 5 days. On March 26, a CMS configuration error exposed unreleased Claude Mythos model details, draft blog posts, and 3,000 unpublished assets.

How many feature flags were found in Claude Code's leaked source?

44 feature flags covering fully-built but unshipped features were discovered, with compiled code sitting behind flags that evaluate to false in the external build.

What was the community reaction to the Claude Code source leak?

The original X tweet by @Fried_rice got 16M+ impressions and 15K+ replies. The story hit the front page of Hacker News with 3 separate threads, trended on Reddit with ~10M views, and was covered by VentureBeat, Fortune, CNBC, Gizmodo, The Register, Cybernews, Decrypt, and 20+ other outlets within 24 hours.

← Back to dashboard

clawsmith.com/signal/claude-code-source-code-npm-leak

🔥 HypeUnknowntoolLive

Claude Code 512K-Line Source Code Leaked via npm Source Map

Anthropic accidentally shipped a 59.8MB source map file in @anthropic-ai/claude-code v2.1.88 on npm, exposing 1,900 TypeScript files and 512,000 lines of code. Discovered by @Fried_rice, mirrored across GitHub within hours. Revealed KAIROS autonomous daemon mode, Undercover Mode for stealth OSS contributions, 44 unreleased feature flags, internal model codenames (Capybara, Fennec, Numbat), and a BUDDY virtual pet easter egg. Second Anthropic leak in 5 days after the Mythos CMS incident.

Product Idea from this Signal

A pre-publish scanner that strips source maps, secrets, and internal code from npm packages before they ship to the registry

26142.3k ▲

Anthropic accidentally shipped 512K lines of Claude Code source code via an npm source map file that was never meant to be public. This happens constantly because .npmignore and package.json files fields are easy to misconfigure. The repo got 100K+ stars in days as people reversed the entire codebase. This tool scans your npm package before publish, catches source maps, leaked environment variables, internal documentation, and accidentally included files, then blocks the publish until you fix it.

SECURITYCLIDEVTOOLNPMOPEN-SOURCE

Competitive40 leadsView Opportunity →