On March 31, 2026, at 4:23 AM ET, a security researcher named Chaofan Shou posted a tweet that reached thousands of developers worldwide within hours.
He had found something: Anthropic — the AI company valued at $380 billion, the same one that just closed a $30 billion funding round — had accidentally published the complete source code of Claude Code to the public npm registry.
They weren't hacked. They published it themselves.
What Happened
Version 2.1.88 of @anthropic-ai/claude-code was pushed to npm with a 59.8 MB source map file attached. A source map is an internal debugging file that maps minified code back to the original readable source. It's normally excluded from production builds with a single line in .npmignore.
That line wasn't there.
The result: 512,000 lines of TypeScript across 1,900 files — the complete blueprint of how the world's most-used AI coding assistant works — publicly available for hours. Before Anthropic could react, it was already mirrored on GitHub (github.com/instructkr/claude-code, 1,100+ stars in the first hours) and being analyzed by thousands of developers.
Anthropic confirmed the incident:
"Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach."
Technically correct. Strategically, it's another story entirely. Claude Code generates $2.5B in annualized recurring revenue — more than doubled since the beginning of 2026. It's the most important product of the world's most valuable AI company. And they leaked the source code by forgetting a line in a config file.
What They Found Inside
The Memory Architecture Nobody Had Documented
The most interesting thing for anyone using Claude Code isn't the secret features — it's seeing how Anthropic solved the memory problem in long agentic sessions. The system has three layers:
- MEMORY.md: a lightweight index (~150 characters per line) that's always loaded into context. It doesn't store data — it stores locations.
- Topic files: specific knowledge files loaded on-demand when the index references them.
- Transcripts: never fully read back into context. Only "grepped" for specific identifiers.
This is what they call "Strict Write Discipline": the agent only updates the index after confirming the file write was successful. This prevents the model from polluting its context with failed attempts.
If this sounds familiar, it's because it's the same pattern I've been using with OpenClaw in my personal setup. Not coincidentally — it's simply good engineering for long-running agentic systems.
44 Already-Built Features That Haven't Shipped Yet
This is what caught the technical community's attention. The leak revealed 44 feature flags: fully implemented features, with compiled code, but with the flag set to false in the public build.
The most relevant ones:
- Background agents running 24/7 with GitHub webhooks and push notifications
- Multi-agent orchestration: one Claude coordinating multiple worker Claudes, each with a restricted toolset
- Cron scheduling for agents: create, delete, and list jobs with external webhooks
- Full voice mode with its own CLI entrypoint
- Real browser control via Playwright — not web_fetch, an actual controlled browser
- Agents that sleep and self-resume without user prompts
- Persistent memory across sessions without external storage
All of that already exists. It's not a roadmap — it's compiled code waiting to be activated.
The Technical Stack That Surprised Everyone
- Runs on Bun, not Node.js
- Uses React with Ink for terminal UI rendering
- ~40 built-in tools, ~50 slash commands
- Modular tool-based architecture
The Implication Nobody's Naming
They handed Cursor, Windsurf, and every competitor the complete blueprint. Years of R&D, architectural decisions, solutions to undocumented problems — all available on GitHub before breakfast.
But there's a second level that I think matters more: this error doesn't happen in isolation.
March 2026 was simultaneously Anthropic's month of greatest growth and greatest instability:
- 5 major availability incidents in a single month
- A prompt caching bug since March 23 that caused Claude Max sessions to drain in 90 minutes instead of 5 hours
- And now a source code leak from a packaging error
The pattern is the same in every case: the speed of growth outpaces the maturity of internal processes.
This isn't just an Anthropic problem. In the same month, GitHub had real availability of 93.7% — far below their promised 99.9% SLA. That's 45 hours of downtime in a month, versus the 43 minutes their contract considers acceptable.
This happens to any company that scales very fast. It happened to Twitter. It happened to AWS. It's the signal that a technology is making the transition from "experimental tool" to "critical infrastructure" — with all the growing pains that implies.
What This Means for You If You Use Claude Code
1. The features coming soon are genuinely transformative. Background agents with GitHub webhooks, multi-agent orchestration, real browser control — that fundamentally changes what's possible to build. If you're using Claude Code today, in the coming months you'll have access to a significantly more powerful toolset.
2. The memory architecture from the leak is valid design reference. If you're building agentic systems — with Claude Code, OpenClaw, or any other tool — the MEMORY.md + topic files + transcript grep pattern is the cleanest solution to the context entropy problem I've seen publicly documented.
3. Dependency has costs that aren't always visible. It's not just downtime. When you build critical workflows on a tool that grows faster than its internal processes, you also assume the risk of incidents like this. That doesn't mean not using the tool — it means being conscious of the tradeoff you're making.
The Bigger Context
This week I'm recording Es la Hora de Aprender episode 7 with Diego Arias and Rodrigo Rojo — and this leak is the perfect example of the episode's central theme: conscious dependency.
I made the deliberate decision to consolidate my entire stack on Anthropic. I did it knowing the risk. And on the same day this code leaked, Claude was saturated, GitHub went down, and I had one of the least productive days of the year.
The question isn't whether you depend on these tools. It's whether you know exactly what you depend on and how much it costs when it fails.
Resources
- VentureBeat: Claude Code's source code appears to have leaked
- Axios: Anthropic leaked its own Claude source code
- CNBC: Anthropic leaks part of Claude Code's internal source code
- The Register: Anthropic accidentally exposes Claude Code source code
- Dev.to analysis: Claude Code's Entire Source Code Was Just Leaked
- GitHub mirror of the leaked code
📝 Originally published in Spanish at cristiantala.com
Want to keep learning about AI and automation? Join my community of founders at Cágala, Aprende, Repite.
Top comments (0)