DEV Community

Cover image for Claude Code's Entire Source Code Was Just Leaked via npm Source Maps — Here's What's Inside
Gabriel Anhaia
Gabriel Anhaia

Posted on

Claude Code's Entire Source Code Was Just Leaked via npm Source Maps — Here's What's Inside

#claudecode #ai #security #openai

A security researcher discovered Anthropic's full CLI source code exposed through a source map file. 1,900 files. 512,000+ lines. Everything.

If you work with AI-powered coding tools, today is one of those days you'll remember. On March 31, 2026, security researcher Chaofan Shou (@shoucccc) discovered that Anthropic's Claude Code — their flagship agentic CLI tool — had its entire source code exposed through a source map file published to the npm registry.

The leaked codebase was quickly archived to a public GitHub repository, where it has already surpassed 1,100+ stars and 1,900+ forks. And what's inside is fascinating.

Disclaimer: This article is written purely for educational and research purposes. All code referenced remains the intellectual property of Anthropic. I do not endorse, encourage, or condone the unauthorized distribution of proprietary software. The repository was publicly available at the time of writing, and the analysis here is based solely on that publicly accessible information.

The Numbers Speak for Themselves

~1,900 TypeScript files. 512,000+ lines of code. ~40 built-in tools. ~50 slash commands.

This isn't a toy project. Claude Code is a production-grade, heavily architected system. It runs on Bun (not Node), uses React with Ink for terminal UI rendering, and has a modular tool-based architecture that any engineer would appreciate studying.

What Claude Code Actually Is Under the Hood

For those unfamiliar, Claude Code is Anthropic's official command-line interface that lets you interact with Claude directly from your terminal for software engineering tasks. Think of it as an AI pair programmer that can edit files, run commands, search codebases, and manage git workflows — all through natural language.

But the leaked source reveals just how far beyond a "chat wrapper" this tool really goes.

Architecture Highlights

The Tool System (~40 tools) — Claude Code uses a plugin-like tool architecture. Each capability (file read, bash execution, web fetch, LSP integration) is a discrete, permission-gated tool. The base tool definition alone is 29,000 lines of TypeScript.

The Query Engine (46K lines) — This is the brain of the operation. It handles all LLM API calls, streaming, caching, and orchestration. It's by far the largest single module in the codebase.

Multi-Agent Orchestration — Claude Code can spawn sub-agents (they call them "swarms") to handle complex, parallelizable tasks. Each agent runs in its own context with specific tool permissions.

IDE Bridge System — A bidirectional communication layer connects IDE extensions (VS Code, JetBrains) to the CLI via JWT-authenticated channels. This is how the "Claude in your editor" experience works.

Persistent Memory System — A file-based memory directory where Claude stores context about you, your project, and your preferences across sessions.

// Simplified view of the tool architecture
interface Tool {
  name: string;
  permissions: PermissionGate;
  execute(context: ToolContext): Promise<ToolResult>;
}

// ~40 tools registered: Read, Write, Edit, Bash, Grep,
// Glob, WebFetch, Agent, LSP, MCP, and many more...
Enter fullscreen mode Exit fullscreen mode

Key Technical Decisions Worth Noting

  • Bun over Node: They chose Bun as the JavaScript runtime, leveraging its dead code elimination for feature flags and its faster startup times.
  • React for CLI: Using Ink (React for terminals) is bold. It means their terminal UI is component-based with state management, just like a web app.
  • Zod v4 for validation: Schema validation is everywhere. Every tool input, every API response, every config file.
  • ~50 slash commands: From /commit to /review-pr to memory management — there's a command system as rich as any IDE.
  • Lazy-loaded modules: Heavy dependencies like OpenTelemetry and gRPC are lazy-loaded to keep startup fast.

The Security Angle

How did this happen? Apparently, a source map file was included in the npm package. Source maps are meant for debugging — they map minified/bundled code back to the original source. Including one in a production npm publish effectively ships your entire codebase in readable form.

This is a reminder for every engineering team: check your build pipeline. Make sure .map files are excluded from your publish configuration. A single misconfigured .npmignore or files field in package.json can expose everything.

It's ironic — a tool designed to help engineers write better code was undone by a build configuration oversight.

What This Means for the AI Coding Tools Space

Whether or not you agree with the leak, the cat is out of the bag. And what it reveals is that the bar for AI coding tools is incredibly high. Anthropic has invested heavily in making Claude Code a production-grade developer experience, not just a wrapper around an API.

For those of us building in this space, this is both inspiring and humbling. The level of engineering — permission systems, multi-agent orchestration, IDE bridges, persistent memory — shows where the industry is heading.

Speaking of which — this is exactly the kind of ecosystem I've been building around with Hermes IDE. Hermes is a shell wrapper that integrates AI capabilities (Claude, Gemini, Aider, Codex, Copilot) directly into your existing terminal. Ghost-text suggestions, multi-project sessions with isolated git worktrees, a built-in process manager, cost dashboards, 30+ keyboard shortcuts — all layered on top of your existing shell without changing your setup.

Seeing Claude Code's internals reinforces my conviction that the future of development is terminal-native, AI-augmented, and deeply integrated with the tools we already use. That's exactly what we're building with Hermes — not replacing your workflow, but supercharging it. If you're interested, check it out at hermes-ide.com.

What Developers Should Take Away

  • Audit your npm publishes. Use npm pack --dry-run to verify what's included before every release.
  • Source maps are source code. Never include them in production packages unless intentional.
  • Study the architecture. Regardless of the circumstances, the patterns in Claude Code (tool systems, permission gates, multi-agent spawning) are worth understanding if you're building AI-powered tools.
  • The terminal is the IDE. Both Claude Code and tools like Hermes IDE point to a future where your shell is the most powerful development environment you have.

The full leaked repository is available at github.com/instructkr/claude-code. If you want to explore it yourself, go in with curiosity and respect for the engineering work behind it.

If you found this analysis useful, follow me and check out my work on GitHub (@gabrielanhaia). I'm actively building tools at the intersection of AI and developer experience, and there's a lot more coming.

Legal Notice: This article is published for informational and educational purposes only. All source code referenced in this article is the intellectual property of Anthropic, PBC. The author does not host, distribute, or claim ownership of any proprietary code. Analysis is based on publicly available information at the time of writing.

Top comments (0)