The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been leaked and disseminated, apparently due to a serious internal error. The leak gives competitors and armchair enthusiasts a detailed blueprint for how Claude Code works—a significant setback for a company that has seen explosive user growth and industry impact over the past several months.
Early this morning, Anthropic published version 2.1.88 of Claude Code npm package—but it was quickly discovered that package included a source map file, which could be used to access the entirety of Claude Code’s source—almost 2,000 TypeScript files and more than 512,000 lines of code.
Security researcher Chaofan Shou was the first to publicly point it out on X, with a link to an archive containing the files. The codebase was then put in a public GitHub repository, and it has been forked tens of thousands of times.
Anthropic publicly acknowledged the mistake in a statement to VentureBeat and other outlets, which reads:
Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.
Developers have already begun picking it apart and analyzing it. For example, @himanshustwts on X posted a detailed overview of Claude Code’s memory architecture, describing systems like background memory rewriting and various steps to verify memories’ validity before use.
And Gabriel Anhaia took a bird’s eye view, explaining how many lines of code make up some of the components—around 40,000 for a plugin-like tool system, and 46,000 for the query system—and noting that Claude Code is “a production-grade developer experience, not just a wrapper around an API” and that its sophistication is “both inspiring and humbling.”
There had previously been extensive efforts in some developer communities to reverse-engineer Claude Code, with some success, but not with this totality.
While Anthropic’s trade secrets have some legal protection, there are architectural insights that are valuable to competitors—useful for improving their own architecture, speeding up development of competing tools, seeing what Anthropic is working on next, and identifying gaps in what Anthropic has worked out.
Further, bad actors looking for security vulnerabilities now have a map for bypassing the guardrails Anthropic has put in place. The category Claude Code occupies (and currently leads) is moving very quickly, though, and it’s hard to predict right now how much of a problem this will be a few months down the road.
