The Claude Code Leak of 2026 — What 512,000 Lines of Leaked Source Code Actually Revealed

On March 31, 2026, one of the most extraordinary events in AI industry history unfolded — not through a cyberattack, not through espionage, but through a single missing line in a .npmignore file. Anthropic accidentally exposed the full source code of Claude Code, its popular AI coding assistant, via a human error in a release packaging process. 512,000 lines of unobfuscated TypeScript across roughly 1,900 files were shipped inside an npm package. Within hours, the code was mirrored, dissected, rewritten in Python and Rust, and studied by tens of thousands of developers. (The Hacker News, Layer5)

How the leak happened

On March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code through a 59.8 MB JavaScript source map file bundled in the public npm package @anthropic-ai/claude-code version 2.1.88. (Zscaler)

When Anthropic acquired Bun in late 2024, Claude Code migrated to it as its bundler. Bun's bundler has a known bug: even when you explicitly set development: false, source maps still get generated and served. What made the exposure worse is that the source map referenced a ZIP file hosted on an Anthropic-owned Cloudflare R2 bucket — publicly accessible, no authentication required. (NodeSource)

By 4:23 AM ET, security researcher Chaofan Shou broadcast the discovery on X. Within hours, the 512,000-line TypeScript codebase was mirrored across GitHub and analyzed by thousands of developers. (VentureBeat)

A single GitHub mirror repository accumulated over 50,000 stars within two hours — likely the fastest-growing repository in GitHub history. By the time Anthropic pulled the package at approximately 08:00 UTC, the code had been forked more than 41,500 times and mirrored to decentralized hosting platforms. (Tech Insider)

Anthropic's official statement was consistent across all media: "This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again."
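A packaging failure of the kind described above, a source map shipped inside the published tarball, can be caught before release by auditing the file list npm is about to publish. The following is an added example, not Anthropic's code or part of the original article; the function name `auditPackManifest`, the size budget and the sample manifest are assumptions made for illustration.

```javascript
// Added example: gate a release on the parsed output of `npm pack --dry-run --json`.
// That command prints an array with one entry per package, each carrying
// files: [{ path, size, mode }] for everything that would be published.
const MAX_FILE_BYTES = 5 * 1024 * 1024; // assumed per-file budget; tune per project

function auditPackManifest(packJson, maxFileBytes = MAX_FILE_BYTES) {
  const findings = [];
  for (const pkg of packJson) {
    for (const file of pkg.files || []) {
      if (/\.map$/i.test(file.path)) {
        // Source maps can embed the original sources verbatim.
        findings.push({ pkg: pkg.name, path: file.path, reason: "source map" });
      } else if (file.size > maxFileBytes) {
        // Unexpectedly large artifacts deserve a human look before publishing.
        findings.push({ pkg: pkg.name, path: file.path, reason: "oversized file" });
      }
    }
  }
  return findings;
}

// Constructed sample manifest: names and sizes are illustrative only.
const SAMPLE_PACK = [{
  name: "example-cli",
  version: "1.0.0",
  files: [
    { path: "package.json", size: 1200 },
    { path: "cli.js", size: 900000 },
    { path: "cli.js.map", size: 59800000 },
    { path: "README.md", size: 3400 },
  ],
}];

const findings = auditPackManifest(SAMPLE_PACK);
for (const f of findings) console.log(`${f.pkg}: ${f.path} (${f.reason})`);
// In CI, fail the publish job whenever findings.length > 0.
```

A `files` allowlist in package.json fails closed when a new build artifact appears, whereas a `.npmignore` denylist publishes anything nobody remembered to exclude.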
Anthropic confirmed that no customer data or credentials were involved. (InfoQ)

What the source code revealed

The leak was not just embarrassing — it was genuinely fascinating. Here is what developers found inside.

CLAUDE.md as first-class memory

The leak revealed a sophisticated three-layer memory architecture. At its core is MEMORY.md, a lightweight index of pointers that is perpetually loaded into context. This index stores locations, not data. Actual project knowledge is distributed across topic files fetched on demand, while raw transcripts are never fully read back into context but merely searched for specific identifiers. (VentureBeat)

KAIROS — autonomous background agents

KAIROS represents a fundamental shift in user experience: an autonomous daemon mode. While current AI tools are largely reactive, KAIROS allows Claude Code to operate as an always-on background agent. It handles background sessions and employs a process called autoDream, where the agent performs memory consolidation while the user is idle, merging observations, removing logical contradictions, and converting vague insights into absolute facts. (VentureBeat)

Hidden features and easter eggs

Developers digging through the code found a full Tamagotchi-style pet companion system called /buddy with 18 species, shiny variants, procedurally generated stats, and ASCII art sprites — your buddy deterministically chosen from your user ID hash. Also discovered: ULTRAPLAN, which offloads complex planning to a remote Opus session that gets up to 30 minutes to think before teleporting the plan back to your local terminal. (NodeSource)

The controversial Undercover Mode

The most controversial discovery was undercover.ts — roughly 90 lines — which injects a system prompt instructing Claude to never mention it is an AI and to strip all Co-Authored-By attribution when contributing to external repositories. The mode activates for Anthropic employees and has no force-off switch.
If the system is not confident it is operating in an internal repo, it stays undercover. (Layer5)

The irony was noted widely: Anthropic built Undercover Mode specifically to prevent internal Anthropic secrets from leaking into external contexts, then leaked everything through a .npmignore oversight. (Layer5)

Anti-distillation guards

The ANTI_DISTILLATION_CC flag triggers injection of fake tool definitions into API requests, designed to poison the training data of competitors recording API traffic. (Layer5)

The concurrent supply chain attack

The story gets worse. Coinciding with the leak, but entirely unrelated to it, was a real supply chain attack on npm. Malicious versions of the widely-used axios HTTP library were published containing an embedded Remote Access Trojan. If you ran npm install or updated Claude Code between 00:21 UTC and 03:29 UTC on March 31, 2026, check your lockfiles for axios versions 1.14.1 or 0.30.4 and the dependency plain-crypto-js. (DEV Community)

What it means for AI coding tools

The Claude Code leak changes the competitive landscape for AI coding tools. The strategic damage likely exceeds the code damage. The feature flag names alone are more revealing than the code. KAIROS, the anti-distillation flags, model codenames — those are product strategy decisions competitors can now plan around. You can refactor code in a week. You cannot un-leak a roadmap. (Layer5)

Any competitor who read this code is now legally "contaminated." Clean-room implementations — like the already-emerging Claw-Code rewrite in Rust — are the likely legal path forward: analyze only test suite behavior, implement from spec, not from source.
(NodeSource)

What developers should do

If you use Claude Code:

- Check your lockfiles — search for plain-crypto-js, axios 1.14.1 or 0.30.4
- Use native installers instead of npm distribution
- Do not download any GitHub repository claiming to be the leaked code — many are malware traps
- Rotate any secrets if you updated Claude Code via npm between 00:21 and 03:29 UTC on March 31

The coding tools landscape after the leak

The Claude Code leak is a reminder of how competitive and fast-moving the AI coding tools space has become. If you are evaluating alternatives or want to understand how Claude Code compares to GitHub Copilot, Cursor, Windsurf, or Codeium, we have reviewed all of them:

- Claude Code review and alternatives
- GitHub Copilot vs Claude Code
- Best AI coding tools in 2026

AsmiAI reviews 250 AI tools including 30 AI coding assistants — with honest pricing, free plan availability, and side-by-side comparisons at asmiai.xyz.
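The lockfile check from the supply chain section and the "What developers should do" list, as an added example that is not part of the original article. It scans a parsed package-lock.json in both the flat `packages` layout (lockfileVersion 2/3) and the nested `dependencies` layout (lockfileVersion 1); the function names, the sample lockfile and the `http-client` package are assumptions made for illustration.

```javascript
// Added example: scan a parsed package-lock.json for the indicators the article names.
const FLAGGED_VERSIONS = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]);
const FLAGGED_PACKAGES = new Set(["plain-crypto-js"]);

function check(name, version, where, hits) {
  if (FLAGGED_PACKAGES.has(name)) {
    hits.push({ name, version, where, reason: "flagged dependency" });
  } else if (FLAGGED_VERSIONS.get(name)?.has(version)) {
    hits.push({ name, version, where, reason: "flagged version" });
  }
}

function scanLockfile(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;
      const i = path.lastIndexOf("node_modules/");
      const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
      check(name, meta.version, path, hits);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, so walk it recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${trail} > ${name}`;
      check(name, meta.version, where, hits);
      walk(meta.dependencies, where);
    }
  };
  walk(lock.dependencies, "root");
  return hits;
}

// Constructed sample (lockfileVersion 3); the plain-crypto-js version is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/http-client/node_modules/axios": { version: "1.7.9" },
    "node_modules/plain-crypto-js": { version: "0.0.0-placeholder" },
  },
};

for (const h of scanLockfile(SAMPLE_LOCK)) console.log(`${h.where}: ${h.name}@${h.version} (${h.reason})`);
```

To check a real project, pass `scanLockfile` the result of `JSON.parse` on the contents of its package-lock.json; transitive copies nested under other packages are covered because every install path is visited.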
