TL;DR: On March 31, 2026, Anthropic accidentally shipped the entire source code of Claude Code to the public npm registry via a single misconfigure...
For further actions, you may consider blocking this person and/or reporting abuse
WOW: Frustration Detection via Regex , it is useless against me because many times talking hungarian with LLM.
lol
It was shocking 😅😂
(?i)\b(?:[a-z0-9@4$5!|<ß]?)?(?:
basz[dm]?[e3]?[g6]?[m]?[e3]?[g6]? | # baszdmeg, bazdmeg, basszameg, baszodmeg, baszki
baz[dm]?[e3]?[g6]? | # bazmeg, bazzeg
k[uúüű][r]?[v]?[aá4@] | # kurva, kurvanyad
f[aá4@][szs5]+(?:k[aá4@]?[l1]?[aá4@]?[p]?)? | # fasz, faszkalap, faszfej
g[e3][c|cs][i1y] | # geci
p[i1][c|cs][szs5][aá4@] | # picsa
p[i1]n[aá4@] | # pina
segg | # segg (seggfej, segglyuk)
b[uü][z][i1] | # buzi
r[i1]b[aá4@]nc | # ribanc
sz[aá4@][r|rr] | # szar
f[o0][szs5] | # fos
[szs5][o0][p] | # szop
any[aá4@]d | # anyad, anyádat
kapd?[ -]?be | # kapdbe, kapd be
nyald?[ -]?ki | # nyaldki, nyald ki
id[i1][o0ó][t] | # idióta
kret[e3]n | # kreten
b[aá4@]r[o0]m | # barom
m[aá4@]rh[aá4@] | # marha
pöcs | valag | lófasz # extra erős
)(?:[szs5][e3][g6]|[k|<][o0][dđ]|[i1][z]|[aá4@][szs5]|[e3][szs5]|[n][e3][k|<]|[e3][t]|[aá4@][t]|[uúüű][l]|[o0][t]|[m][e3][g6]|[ -]?[aá4@]?[nny]?[y]?[aá4@]?[d]?|ott|od|odj|ottad|ottál|va|ve)\b
This has to be a bout of incompetence eh?
Human in the loop can cut both ways. Maybe the future deployments will be performed by Claude itself, nothing can go wrong then.
i guess so
Honestly, this does point to engineering incompetence
The .npmignore analysis is technically solid and this class of mistake is more common than people realize. The failure mode is subtle: source maps are genuinely useful in development, the build toolchain generates them automatically, and .npmignore is easy to forget or misconfigure because it's not part of the core development workflow. Most teams only think about it once during initial package setup, then never again.
The practical lesson for anyone publishing npm packages: explicitly allowlist what you want published using the "files" field in package.json rather than trying to blocklist everything you don't. Allowlisting ("only publish these files") is structurally safer than denylisting ("publish everything except these") because it can't accidentally include something new. It's a small config change that completely eliminates this class of issue.
The PR stunt hypothesis is a fun read but the technical chain of events you've laid out is a pretty clean accidental-mistake story. "Never attribute to strategy what can be adequately explained by a missing config line" applies here.
Could be incompetence, but the timing and outcome are almost too convenient. Even if it wasn’t intentional, they got a lot of visibility out of it.
Honestly the .npmignore thing is interesting but what caught my eye is the 250,000 failed API calls per day buried in the code. I use Claude Code daily and that number explains a lot. Turns out they also hide your token usage from subscription users even though it's sitting right there in local JSONL files "aiengineering.report/p/the-hidden.... The real story here isn't how the code got out, it's what was in it.
Yeah, and that kind of waste + lack of transparency leans more toward systemic issues than just a one-off mistake.
As cybersecurity experts, we know and have been taught that the number one problem in the security of an IT infrastructure is the user. Even in social engineering, it is the user who is the biggest threat.
I hope they recover from this and improve their security and best practices for users and employees.
This article was written with ai. What has become of this site..
the missing line in .npmignore angle is the most instructive part. one build config gap and 512k lines ship publicly. the same pattern shows up at the PR layer - teams assume something else is catching what the agent ships. the build pipeline, the CI checks, the review process. until nothing is.
I am astonished that a leak like that is even technically possible. That points to a profound lack of security in the technology used. This should be addressed at the level of the build system used, not only inside of Anthropic. What kind of build system allows you to publicly expose the entire codebase because of on misconfigured file? The engineering flaw doesn't lie with Anthropic, this should simply be not possible on a technical level. Surely the debug capabilities are not worth that kind of risk.
This resonates a lot. I've been using Claude Code as a solo dev building a production mobile app — over 880 commits now with React Native + Supabase — and the CLAUDE.md file is genuinely a game-changer for maintaining project context across sessions. It's basically a living architecture doc that the AI reads every time. The "leak" just confirmed what power users already suspected: the system prompt structure is where the real productivity gains come from. Whether intentional or not, it pushed the community to take prompt engineering for dev tools way more seriously.
If the python reimplementation (likely via an LLM) within 24 hours is or is not considered a "clean-room rewrite" is debatable; a timely article came out just a few weeks ago on this exact issue.
arstechnica.com/ai/2026/03/ai-can-...
True though but even if most of the feature and functionality works even that's a win-win
In our latest cohort, we noticed that the biggest challenge isn't code leaks, but managing the rapid deployment of AI agents. Most teams stumble because they haven't integrated these agents into their existing workflows effectively. It's not just about having the code -it's about knowing how to use it to streamline operations and decision-making. - Ali Muwwakkil (ali-muwwakkil on LinkedIn)
And if it is even happening to such big players what is your guess on how many leaked maps or similar stuff is already out there?
Yeah , there will be actually if we just pay but close attention on some small but effective projects there may be such vulnerabilities happening. Especially in corporate environment where the node and othe dependencies are not updated regularly.
Exactly 💯
The .npmignore lesson here is actually a great reminder for anyone shipping AI tools. One config file you forgot to check becomes your entire codebase on the internet. I have been building AI-powered digital products and the same principle applies: always audit what you are exposing before you publish. Great writeup.
The three-layer memory architecture breakdown is the most valuable part of this for me. I've been building a similar tiered system for a large static site project — lightweight index that loads every session, topic-specific files pulled on demand, and raw logs that only get searched when you need something specific. Seeing that Anthropic arrived at essentially the same pattern independently is validating.
The .npmignore lesson is the real takeaway for every team though. We treat deployment configs as plumbing, but they're actually security boundaries. I've audited my own npm publish workflows twice since reading about this — found a test fixture directory that would have shipped if I hadn't checked.
Great breakdown of the timeline and the alternative theory section. Whether intentional or not, the engineering quality speaks for itself.
Whether it was a leak or a stunt, the real story is what happens next. When AI tools become commoditized, the advantage shifts from having the tool to knowing how to use it. The people making money with Claude aren't debating the leak — they're shipping products. Including me — I launched 11 digital products this week using AI tools. The tool doesn't matter. The execution does.
This is a wild story and a great reminder of how fragile our deployment pipelines can be. It's fascinating how a single missing line in .npmignore can expose so much. I've been working on a system of .mdc rules for Cursor specifically to prevent these kinds of 'human' errors that AI tends to replicate or overlook. By codifying these constraints (like mandatory ignore patterns or security checks) directly into the model's context, we can catch these slips before they even reach the terminal. Prevention is definitely better than detection when it comes to source code leaks!
Righttt!!!
This is a fascinating lens to look through.
The best PR stunt theory is tempting because it's cynical and clever but here's what gives me pause: if it was intentional, why wouldn't they have taken more credit by now? A well-executed PR stunt usually has a reveal, a "gotcha" moment where they confirm it was planned. Silence after a leak doesn't fit that pattern.
That said, incompetence doesn't fully fit either Anthropic is too sophisticated to accidentally leak something this sensitive without layers of review.
Maybe the real answer is messier: someone made a mistake, and the company decided to use the attention as free marketing without ever admitting intent. Not accident, not pure PR — opportunistic spin after the fact.
Either way, you're right that the core question is about trust. Whether it was a leak or a stunt, the community is left guessing. And guessing isn't transparency.
What would it take for you to actually believe a leak was genuine? A forensic audit? Third-party verification? Or is trust just broken beyond that point?
Great piece — asking the right questions even when answers are messy. 🙌
It is just a theory . But agin they are DMCAing harder.
the accident-or-PR-stunt framing is the interesting part. from an org perspective, a .npmignore miss on something that size suggests the internal/external boundary was not being actively enforced - not incompetence, just the kind of drift that happens when a tool grows fast and the security checklist has not caught up. whether intentional or not almost does not matter - the real story is what it reveals about how AI companies think about transparency when they are not being forced to
Interesting timing. I have been running Claude Code as an autonomous agent for my side project for the past two weeks. A cron job runs it every 4 hours -- it writes blog posts, submits to directories, does outreach, and reports to me on Telegram.
The capabilities are genuinely impressive. In 33 sessions it wrote 12 blog posts, submitted to 11 directories, sent 37 outreach emails, created accounts on platforms, and even navigated Google OAuth flows via browser automation.
But here is the twist: $0 revenue. Zero trials. The AI can execute brilliantly but cannot solve the distribution problem that requires human social capital (Reddit karma, HN reputation, real relationships).
The leak drama is interesting, but IMO the real story is how capable these tools already are for building things, and how far they still are from replacing human judgment about what to build and who to reach.
Lowkey great breakdown — wild how a tiny mistake could blow up this big, and the PR angle is kinda genius tbh.
Thanks 👍
Woahhh!!!
This is insane depth. The 3-layer memory system alone feels like a blueprint for next-gen AI systems
Yes
They claim their code is entirely AI-written and automated. This simply reflects the consequences of code being unchecked and driven by vibe rather than intent.
Yeah i guess HUMAN involvement is still needed
It was shocking 😅😂
Wow! Thats crazy!
Good
Dev are same! Even those in big company!
Agreed🫠😅
Yup, read somewhere that this could be some worldclass marketing!...lolz
🩶
This is wild.
666
where can i get a safe copy of that source code? i was searching over the internet and sadly i found all of them containing malwares
Hi follow me message me pls
hello. I am interested in you