Anthropic Accidentally Leaks Claude Code Source Code

Headline: Anthropic Accidentally Leaks Claude Code Source Code

SAN FRANCISCO — Anthropic accidentally published the entire source code for its flagship AI coding assistant, Claude Code, in a misconfigured update that has since been scrubbed from the internet. The leak, which occurred Tuesday, has been confirmed by TechCrunch, Decrypt, PCMag, Bloomberg, IBTimes UK, and Business Standard. Each of the bullet points immediately below have been confirmed by at least four of the six respected sources we curated on this story.

• The source code leak occurred when Anthropic accidentally included a 59.8 MB debug source map file in version 2.1.88 of the Claude Code package published to the public npm registry.
• Approximately 512,000 lines of code across more than 1,900 TypeScript files were exposed, revealing the internal architecture of the AI agent.
• Anthropic attempted to remove the leaked code from GitHub using DMCA takedown notices, but the company accidentally targeted more than 8,000 repositories, many of which were unrelated to the leak.
• The company subsequently retracted the bulk of the accidental takedown notices, confirming that only one primary repository and 96 forks were intended to be removed.
• Boris Cherny, Anthropic’s head of Claude Code, characterized the mass repository takedown as an “unintentional” error and stated the company is working with GitHub to restore affected projects.
• The leaked files contained 44 hidden feature flags gating unreleased functionality, including multi-agent orchestration logic and internal model codenames.

Additional Details Reported

Engineering experts, including Gergely Orosz of The Pragmatic Engineer, noted that the leak was likely caused by a missing .npmignore entry, allowing internal source maps to be bundled with the public release. Among the most unusual discoveries in the 512,000 lines of code was a hidden, fully functional Tamagotchi-style companion system named “Buddy.” Futurism reported that the system includes species rarity and procedurally generated stats, though strings found in the code suggest it was intended as an April Fools’ Day easter egg.

The leak also exposed Anthropic’s sophisticated multi-agent coordination system and the permission logic used to keep the coding agent secure. While Anthropic has successfully removed the official 2.1.88 release from npm, developers had already archived the source code, leading to several “clean-room” reimplementations appearing on alternative hosting platforms within hours.

How we report: We select the day’s most important stories, confirm facts across multiple reputable sources, and avoid anonymous sourcing. Our goal is clear, balanced coverage you can trust—because transparency and verification matter for informed readers.