On March 31, 2026, developers discovered that the @anthropic-ai/claude-code package on npm accidentally included a cli.js.map file-a source map revealing the entire TypeScript repository behind Claude Code’s client interface. The leak amounts to roughly 512,000 lines across 1,900 files, containing system prompts, secret environment variables, and hidden feature flags. Importantly, this breach exposes only the client-side command-line interface (CLI) and agent orchestration code; the underlying model weights and neural network architecture remain secure. ([reddit.com](https://www.reddit.com/r/singularity/comments/1s8izpi/claude_code_source_code_has_been_leaked_via_a_map/?utm_source=openai))

What the Claude Code leak reveals

  • System prompts and secrets: Files like constants/prompts.ts expose internal prompts, build-time environment variables, and system roles that Claude uses internally. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))
  • Multi-agent coordination: The coordinator/coordinatorMode.ts module gives insight into how a ”master Claude” process orchestrates multiple worker agents simultaneously. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))
  • Unreleased features: Hidden flags indicate upcoming functions like KAIROS for persistent, always-on memory; ULTRAPLAN supporting 30-minute remote planning sessions; and Buddy, a Tamagotchi-style AI companion. ([reddit.com](https://www.reddit.com/r/developersIndia/comments/1s8kgga/anthropic_shipped_source_map_files_in_their/?utm_source=openai))
  • Telemetry and performance tracking: Code segments track interface performance metrics such as FPS, interrupt statistics, and read environment configs by default. ([reddit.com](https://www.reddit.com/r/ClaudeAI/comments/1s8lkkm/i_dug_through_claude_codes_leaked_source_and/?utm_source=openai))
  • Build process oversight: The package was built using the Bun JavaScript runtime, which generates source maps by default. Anthropic’s npm package failed to exclude these files-missing critical .npmignore or package.json files field configuration. ([reddit.com](https://www.reddit.com/r/vibecodingcommunity/comments/1s8m07m/claude_codes_full_source_code_just_leaked/?utm_source=openai))
  • What’s safe: Model weights, training data, and the core neural network architecture remain private, with only the CLI and agent wrappers exposed. ([reddit.com](https://www.reddit.com/r/ClaudeAI/comments/1s8ifm6/claude_code_source_code_has_been_leaked_via_a_map/?utm_source=openai))

Anthropic’s response and developer community reaction

Anthropic has not publicly confirmed or denied the leak as of this article’s publication. All current information stems from independent security researchers and Reddit and Twitter threads. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))

The developer community quickly mirrored the full source code repositories, suggesting widespread confidence in the leak’s authenticity. Experts agree this is not merely an API wrapper but the real client-side logic behind Claude Code’s CLI and multi-agent system. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))

Potential risks and fallout from the Claude Code leak

The exposure of internal logic, secret flags, and system roles could empower competitors, cybersecurity researchers, and malicious actors to reverse-engineer aspects of Claude Code’s client behavior. Although the AI model itself remains intact, detailed knowledge of agent frameworks and telemetry increases avenues for analysis and exploitation. ([reddit.com](https://www.reddit.com/r/ClaudeCode/comments/1s8pljo/claude_code_source_got_leaked_heres_whats_buried/?utm_source=openai))

For Anthropic, this breach risks eroding trust among corporate users and partners concerned about software security and intellectual property protection. It may also invite legal scrutiny regarding trade secret safeguards and compliance with distribution agreements. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))

Developers should audit their own build configurations, especially if using Bun, to verify source maps are properly excluded via .npmignore or package.json settings. Anthropic appears to have made similar packaging errors in versions prior to v0.2.8 and v0.2.28. ([reddit.com](https://www.reddit.com/r/SaasDevelopers/comments/1s8pu4c/anthropic_just_leaked_claude_codes_entire_source/?utm_source=openai))

Unanswered questions about Anthropic’s Claude Code leak

  • Will Anthropic officially acknowledge the leak and issue a public statement?
  • How will this affect the legal status and development roadmap of Claude Code’s flagship features now exposed?
  • Will Anthropic revise its build and release policies to prevent future accidental source map disclosures?
  • How will this incident impact trust among enterprise clients and regulatory bodies?

While the core AI model remains secure, this leak exposes a rare window into Anthropic’s client-side infrastructure-one that competitors, security analysts, and customers will scrutinize heavily. Whether this prompts tighter packaging standards or shifts in Anthropic’s transparency approach will be important to watch in the coming months.

Leave a comment

Your email address will not be published. Required fields are marked *