On March 31, 2026, one of the most extraordinary events in AI industry history unfolded — not through a cyberattack, not through espionage, but through a single missing line in a .npmignore file.
Anthropic accidentally exposed the full source code of Claude Code, its popular AI coding assistant, via a human error in a release packaging process. 512,000 lines of unobfuscated TypeScript across roughly 1,900 files were shipped inside an npm package. Within hours, the code was mirrored, dissected, rewritten in Python and Rust, and studied by tens of thousands of developers. The Hacker News, Layer5
How the leak happened
On March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code through a 59.8 MB JavaScript source map file bundled in the public npm package @anthropic-ai/claude-code version 2.1.88. Zscaler
When Anthropic acquired Bun in late 2024, Claude Code migrated to it as its bundler. Bun's bundler has a known bug: even when you explicitly set development: false, source maps still get generated and served. What made the exposure worse is that the source map referenced a ZIP file hosted on an Anthropic-owned Cloudflare R2 bucket — publicly accessible, no authentication required. NodeSource
By 4:23 AM ET, security researcher Chaofan Shou broadcast the discovery on X. Within hours, the 512,000-line TypeScript codebase was mirrored across GitHub and analyzed by thousands of developers. VentureBeat
A single GitHub mirror repository accumulated over 50,000 stars within two hours — likely the fastest-growing repository in GitHub history. By the time Anthropic pulled the package at approximately 08:00 UTC, the code had been forked more than 41,500 times and mirrored to decentralized hosting platforms. Tech Insider
Anthropic's official statement was consistent across all media: "This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again." Anthropic confirmed that no customer data or credentials were involved. InfoQ
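A release-pipeline check for the packaging failure described above, as an added example that is not Anthropic's tooling or code from the original article: it audits the parsed output of `npm pack --dry-run --json` for source maps and `sourceMappingURL` comments before anything is published. The `auditPackManifest` function, the `readFile` callback and the sample package are assumptions made for illustration.

```javascript
// Added example: gate a release on the file list npm is about to publish.
// Matches a sourceMappingURL comment in either // or /* */ form.
const MAP_COMMENT = /\/[\/*]# sourceMappingURL=(\S+)/;

// packJson: array of { files: [{ path, size }] } as `npm pack --json` emits it.
// readFile: hypothetical callback returning a file's text, or null if unread.
function auditPackManifest(packJson, readFile = () => null) {
  const findings = [];
  for (const pkg of packJson) {
    for (const f of pkg.files) {
      if (f.path.endsWith(".map")) {
        findings.push({ file: f.path, issue: "source map in tarball", size: f.size });
        continue;
      }
      if (!/\.[cm]?js$/.test(f.path)) continue; // only scan JS bundles
      const m = MAP_COMMENT.exec(readFile(f.path) ?? "");
      if (!m) continue;
      const issue = m[1].startsWith("data:") ? "inline source map"
        : /^https?:/.test(m[1]) ? "sourceMappingURL points at a remote URL"
        : "sourceMappingURL reference";
      findings.push({ file: f.path, issue });
    }
  }
  return findings;
}

// Constructed sample: manifest and file contents for a made-up package.
const SAMPLE_PACK = [{ name: "example-cli", version: "0.0.0", files: [
  { path: "cli.js", size: 1200 },
  { path: "cli.js.map", size: 4800 },
  { path: "package.json", size: 300 },
] }];
const SAMPLE_FILES = { "cli.js": "console.log(1);\n//# sourceMappingURL=cli.js.map\n" };

const sampleFindings = auditPackManifest(SAMPLE_PACK, (p) => SAMPLE_FILES[p] ?? null);
console.log(sampleFindings); // any finding should fail the release job
```

In a real pipeline the manifest comes from `npm pack --dry-run --json` and `readFile` reads from the package directory. A `files` allowlist in package.json is a safer default than relying on a complete .npmignore.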
What the source code revealed
The leak was not just embarrassing — it was genuinely fascinating. Here is what developers found inside.
CLAUDE.md as first-class memory
The leak revealed a sophisticated three-layer memory architecture. At its core is MEMORY.md, a lightweight index of pointers that is perpetually loaded into context. This index stores locations, not data. Actual project knowledge is distributed across topic files fetched on demand, while raw transcripts are never fully read back into context but merely searched for specific identifiers. VentureBeat
KAIROS — autonomous background agents
KAIROS represents a fundamental shift in user experience: an autonomous daemon mode. While current AI tools are largely reactive, KAIROS allows Claude Code to operate as an always-on background agent. It handles background sessions and employs a process called autoDream, where the agent performs memory consolidation while the user is idle, merging observations, removing logical contradictions, and converting vague insights into absolute facts. VentureBeat
Hidden features and easter eggs
Developers digging through the code found a full Tamagotchi-style pet companion system called /buddy with 18 species, shiny variants, procedurally generated stats, and ASCII art sprites — your buddy deterministically chosen from your user ID hash. Also discovered: ULTRAPLAN, which offloads complex planning to a remote Opus session that gets up to 30 minutes to think before teleporting the plan back to your local terminal. NodeSource
The controversial Undercover Mode
The most controversial discovery was undercover.ts — roughly 90 lines — which injects a system prompt instructing Claude to never mention it is an AI and to strip all Co-Authored-By attribution when contributing to external repositories. The mode activates for Anthropic employees and has no force-off switch. If the system is not confident it is operating in an internal repo, it stays undercover. Layer5
The irony was noted widely: Anthropic built Undercover Mode specifically to prevent internal Anthropic secrets from leaking into external contexts, then leaked everything through a .npmignore oversight. Layer5
Anti-distillation guards
The ANTI_DISTILLATION_CC flag triggers injection of fake tool definitions into API requests, designed to poison the training data of competitors recording API traffic. Layer5
The concurrent supply chain attack
The story gets worse. Coinciding with the leak, but entirely unrelated to it, was a real supply chain attack on npm. Malicious versions of the widely-used axios HTTP library were published containing an embedded Remote Access Trojan. If you ran npm install or updated Claude Code between 00:21 UTC and 03:29 UTC on March 31, 2026, check your lockfiles for axios versions 1.14.1 or 0.30.4 and the dependency plain-crypto-js. DEV Community
What it means for AI coding tools
The Claude Code leak changes the competitive landscape for AI coding tools. The strategic damage likely exceeds the code damage. The feature flag names alone are more revealing than the code. KAIROS, the anti-distillation flags, model codenames — those are product strategy decisions competitors can now plan around. You can refactor code in a week. You cannot un-leak a roadmap. Layer5
Any competitor who read this code is now legally "contaminated." Clean-room implementations — like the already-emerging Claw-Code rewrite in Rust — are the likely legal path forward: analyze only test suite behavior, implement from spec, not from source. NodeSource
What developers should do
If you use Claude Code:
Check your lockfiles — search for plain-crypto-js, axios 1.14.1 or 0.30.4
Use native installers instead of npm distribution
Do not download any GitHub repository claiming to be the leaked code — many are malware traps
Rotate any secrets if you updated Claude Code via npm between 00:21 and 03:29 UTC on March 31
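The lockfile check from the first item, as an added example that is not from the original article: it walks a parsed package-lock.json in both the flat `packages` layout (lockfileVersion 2 and 3) and the nested `dependencies` layout (lockfileVersion 1), flagging the axios versions and the plain-crypto-js dependency named above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example. Indicators are the ones named in this article.
const BAD_VERSIONS = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]);
const BAD_NAMES = new Set(["plain-crypto-js"]);

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

function check(name, version, where, hits) {
  if (BAD_NAMES.has(name) || BAD_VERSIONS.get(name)?.has(version)) {
    hits.push({ name, version, where });
  }
}

function scanLockfile(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [p, meta] of Object.entries(lock.packages ?? {})) {
    if (p === "") continue; // root project entry
    check(meta.name ?? nameFromPath(p), meta.version, p, hits);
  }
  // lockfileVersion 1: nested "dependencies" tree (v2 keeps a duplicate
  // copy of it, so it is only walked when "packages" is absent).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps ?? {})) {
      check(name, meta.version, [...trail, name].join(" > "), hits);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; the plain-crypto-js version is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.7.9" },
  },
};
console.log(scanLockfile(SAMPLE_LOCK));
```

Pass it `JSON.parse` of each package-lock.json in the repository. A hit means the host that ran the install should be treated as exposed, which is where the secret rotation step applies.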
The coding tools landscape after the leak
The Claude Code leak is a reminder of how competitive and fast-moving the AI coding tools space has become. If you are evaluating alternatives or want to understand how Claude Code compares to GitHub Copilot, Cursor, Windsurf, or Codeium, we have reviewed all of them:
Claude Code review and alternatives
GitHub Copilot vs Claude Code
Best AI coding tools in 2026
AsmiAI reviews 250 AI tools including 30 AI coding assistants — with honest pricing, free plan availability, and side-by-side comparisons at asmiai.xyz.