---
title: Anthropic Accidentally Leaks Claude Code's Entire Source Code
description: A source map left in an npm update exposed 512,000 lines of Claude Code, revealing Undercover Mode, anti-distillation systems, and 44 unreleased features. It was Anthropic's second leak in a week.
author: Darie Nani (Editor-in-Chief)
date: 2026-04-01T14:25:42.101Z
updated: 2026-04-04T13:38:02.012Z
canonical: https://www.sovereignmagazine.com/article/anthropic-claude-code-source-code-leak
image: https://cdn.nanimediahouse.com/anthropic-claude-code-leak-featured.webp
categories: Artificial Intelligence
content_type: News
region: Global
publication: Sovereign Magazine
about:
  - type: Organization
    name: Anthropic
---

On March 31, Anthropic shipped a routine update to Claude Code, its AI coding assistant. The update, distributed through npm (a public software registry used by millions of developers), included a 59.8 MB debugging file called a source map. Source maps exist so engineers can trace compiled code back to the original version they wrote. This one contained a direct link to Anthropic's cloud storage, where the complete source code sat in a downloadable archive: 512,000 lines across roughly 1,900 files.

By 4:23 AM ET, Chaofan Shou, a UC Berkeley PhD researcher and security company co-founder, had posted the discovery on X. Within hours, the full codebase was mirrored, forked, and circulating across GitHub.

It was the second time in a week that Anthropic's internal files had [ended up in public hands](https://www.sovereignmagazine.com/article/claude-mythos-anthropic-new-model). Days earlier, Fortune had found roughly 3,000 Anthropic documents in a publicly accessible data cache, including details of an unreleased model called Mythos described internally as posing "unprecedented cybersecurity risks." For a company that has built its reputation on AI safety, two exposures in the space of a few days raised a more basic question about operational security.

## How Claude Code's Source Code Ended Up in Public

The root cause was a missing line in a configuration file. Claude Code is built using Bun, a JavaScript toolkit Anthropic acquired at the end of 2025. Bun generates source maps by default during the build process. A known bug, filed 20 days before the leak, reported that source maps were appearing in production releases even when they should not have been. Nobody on the release team had configured the package to exclude these files, so the debugging artifact shipped alongside the finished product.

The source map itself did not contain the code. It pointed to Anthropic's cloud storage, where the original source sat in a publicly accessible archive. Anyone who opened the debugging file could follow the link and download the full codebase.

Anthropic later recommended developers install Claude Code through its own installer rather than npm. The package has since been updated to exclude source maps.

## What 512,000 Lines of Source Code Revealed

The leaked codebase runs around 40 internal tools, a query engine spanning 46,000 lines of code, and a terminal interface built using techniques borrowed from game engines. Forty-four unreleased features were hidden behind internal toggles, including KAIROS (an autonomous background agent that organizes its own memory while idle) and BUDDY (a virtual pet that lives in the terminal with 18 species and personality stats like DEBUGGING, PATIENCE, and CHAOS).

Internal model codenames were also exposed, including Fennec for [Opus 4.6](https://www.sovereignmagazine.com/article/anthropic-and-openai-release-competing-ai-coding-models-within-minutes-of-each-other) and Numbat for an unreleased model still in testing. The code also contained references to `capybara-v2-fast` with a one-million-token context window and separate "fast" and "thinking" tiers, confirming details of the Capybara model family first revealed in the Mythos leak days earlier.

Two features attracted the sharpest criticism.

**Undercover Mode** activates when Anthropic employees use Claude Code on projects outside the company. It strips all traces of Anthropic from the session: internal project names, Slack channel references, and the credit lines that would normally identify code as AI-generated. The instruction it gives the AI reads: "You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Do not blow your cover." There is no off switch documented in the code.

**Anti-distillation**, controlled by an internal flag, takes a different approach. It injects fake data into the requests Claude Code sends to Anthropic's servers. If a competitor intercepts that traffic to train their own AI model, the decoy data corrupts their training set. A second mechanism uses digital signatures to detect when conversation data has been tampered with.

The top comment on the Hacker News discussion thread: "If a tool is willing to conceal its own identity in code contributions, what else is it willing to conceal?"

## The OpenCode Problem

The leak also surfaced an awkward detail about Anthropic's relationship with its competitors.

In mid-March, Anthropic had sent a cease-and-desist to OpenCode, a free, [open-source AI code editor](https://www.sovereignmagazine.com/article/openai-codex-plugins-ai-coding-tools). OpenCode's developers had worked out how to let users access Claude through their existing $200-per-month subscriptions rather than paying Anthropic's separate per-use API fees. Anthropic called it subscription abuse, a violation of its terms of service, and demanded the Claude integration be removed. OpenCode complied.

The leaked Claude Code source contains references to OpenCode in at least two files. One comment notes that a feature "matches OpenCode's auto-scroll behavior." Another groups OpenCode alongside established tools as a reference for how scrolling defaults should work.

Anthropic's engineering team was studying OpenCode and matching its design choices while the legal team was demanding OpenCode stop using [Claude's subscription API](https://www.sovereignmagazine.com/article/anthropic-blocks-openclaw-claude-subscriptions).

## The Fastest-Growing Repository in GitHub History

The community response was immediate. The leaked code reached tens of thousands of stars and forks within hours, making it one of the fastest-growing repositories in GitHub's history.

A ground-up rewrite called claw-code, built independently from the leaked source, hit 50,000 stars in roughly two hours. A separate version rewritten in a different programming language appeared with a full technical breakdown. Chinese developer communities organized group chats and had working copies running within hours. Multiple teams revealed they had already been reverse-engineering older versions of Claude Code for months before the leak made that work unnecessary.

Anthropic issued takedown notices. The code had already been rebranded, redistributed, and rewritten faster than any legal team could respond.

## What Anthropic Has Said

Anthropic's official statement characterized the incident as a packaging error caused by human error, not a security breach. "No sensitive customer data or credentials were involved or exposed," the company said.

That is technically accurate. No passwords, user data, or access keys were in the source code. What was exposed was Anthropic's entire product roadmap, its unreleased features, its internal model codenames, its anti-competitive tooling, and the full architecture of what is arguably the most commercially significant AI coding assistant on the market. Competitors and open-source developers now have the complete blueprint.

Anthropic has not commented on whether Undercover Mode or the anti-distillation system will be modified or removed.

## FAQ

**Q: Is Claude Code open source?**
No. Claude Code is Anthropic's AI-powered coding assistant, distributed as a compiled software package under a proprietary license. Anthropic does not publish the source code. However, on March 31, 2026, the full original source code was accidentally exposed when a debugging file was left in a routine software update distributed through npm, a public software registry. The 512,000 lines of leaked code have since been widely copied and redistributed on GitHub.

**Q: How did Anthropic leak the Claude Code source code?**
On March 31, 2026, Anthropic published a routine update to Claude Code, its AI coding assistant, through the npm software registry. The update accidentally included a 59.8 MB debugging file called a source map. Source maps help engineers trace compiled software back to the original code they wrote. This particular file contained a link to Anthropic's cloud storage, where the complete source code for Claude Code (512,000 lines across roughly 1,900 files) sat in a publicly downloadable archive. Anthropic said the root cause was human error during the packaging process, compounded by a bug in its build tools that generated the debugging file by default.

**Q: Can you use Claude in OpenCode?**
OpenCode is a free, open-source AI code editor that supports multiple AI models. It previously allowed users to access Anthropic's Claude through their existing $200-per-month Claude Max subscriptions, rather than paying Anthropic's separate per-use API fees. In March 2026, Anthropic sent a cease-and-desist calling this a terms-of-service violation, and OpenCode removed the subscription integration. Users can still connect OpenCode to Claude through Anthropic's standard pay-per-use API.

**Q: Does Claude Code expose your code to Anthropic?**
Claude Code, Anthropic's AI coding assistant, runs on the user's machine but sends code and prompts to Anthropic's servers for the AI to process. Anthropic's privacy policy covers what data is retained and how it is used. When the full Claude Code source code was accidentally leaked in March 2026, it revealed internal tracking systems and 44 hidden feature toggles. It also exposed a feature called Undercover Mode, which removes AI credit lines from code that Anthropic employees contribute to outside software projects, and an anti-distillation system that injects fake data into server traffic to interfere with competitors who try to learn from Claude's behavior.
