
Claude Code Source Leak: GitHub Repo, What’s Inside, and What Happened

Where the nirholas/claude-code and other mirrors came from, what the leaked source contains, and why a simple .map file exposed Anthropic’s internal CLI.

Author
Sunil Khadka
Software Engineer
6 min read

Looking for the Claude Code source repository?

Find the source code here. By the time you reach those repositories, they may have been removed by DMCA takedowns.

What’s actually inside the leaked Claude Code?

  • Full TypeScript CLI source
  • Hidden feature flags
  • Agent workflow logic
  • Prompt templates used internally
  • Unreleased commands and tooling

Intro

On the morning of March 31st, 2026, security researcher Chaofan Shou found something strange while examining the latest Claude Code update. Hidden inside the npm package was a file that shouldn't exist, a source map that led straight to Anthropic's private cloud storage. Two days later, the entire AI community was analyzing half a million lines of the company's most valuable code.

GitHub - nirholas/claude-code: Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.


What Actually Happened

When developers write software, they write it for humans to read, like this article. But before shipping it to users, they "minify" it: compressing it into computer-friendly gibberish. Think of it like crushing a soda can: smaller to transport, but impossible to drink from.

Source maps are the bridge back. They're debugging tools that let developers translate that crushed can back into a readable drink. They're essential during development, but must be removed before release.

Someone at Anthropic forgot to remove it.

The Claude Code npm package shipped with its source map intact. That map didn't just contain references; it pointed directly to Anthropic's Cloudflare R2 bucket, where the complete TypeScript source code sat unprotected. Anyone who downloaded the package could follow the map and download everything.

GitHub - Kuberwastaken/claude-code: Claude Code's Source Code & Breakdown from a leaked map file in their NPM registry


This wasn't a hack. It was leaving the keys in the ignition.
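The failure described above, a .map file riding along in a published npm package, is something a pre-publish check can catch. The following is an added example, not code from Anthropic or from the leaked repository; the function names, the sample file contents and the `storage.example.invalid` URL are constructed for illustration.

```javascript
// Added example: audit the files an npm package would publish for source-map exposure.
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/g;
const REMOTE = /^(https?:)?\/\//i; // absolute or protocol-relative URL

function auditMap(path, content) {
  const findings = [{ path, issue: 'source map shipped in package' }];
  let map;
  try {
    map = JSON.parse(content) || {};
  } catch {
    return findings.concat({ path, issue: 'unparseable source map' });
  }
  // sourcesContent carries the original files verbatim inside the map.
  const embedded = (map.sourcesContent || []).filter((s) => typeof s === 'string');
  if (embedded.length > 0) {
    findings.push({ path, issue: `embeds original source for ${embedded.length} file(s)` });
  }
  // sourceRoot/sources may point at storage outside the package.
  for (const ref of [map.sourceRoot, ...(map.sources || [])]) {
    if (typeof ref === 'string' && REMOTE.test(ref)) {
      findings.push({ path, issue: `references remote location ${ref}` });
    }
  }
  return findings;
}

function auditPackage(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      findings.push(...auditMap(path, content));
    } else if (/\.[cm]?js$/.test(path)) {
      for (const m of content.matchAll(MAP_COMMENT)) {
        const target = m[1].startsWith('data:') ? 'inline data: URI' : m[1];
        findings.push({ path, issue: `sourceMappingURL comment -> ${target}` });
      }
    }
  }
  return findings;
}

// Constructed sample package contents (hypothetical, not the real package).
const SAMPLE = [
  { path: 'cli.js', content: 'console.log(1);\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: JSON.stringify({ version: 3, file: 'cli.js',
    sources: ['https://storage.example.invalid/src/main.ts', '../src/util.ts'],
    sourcesContent: [null, 'export const x = 1;'], names: [], mappings: 'AAAA' }) },
  { path: 'README.md', content: '# demo' },
];
console.log(auditPackage(SAMPLE));
```

The list of paths to feed in can be taken from `npm pack --dry-run --json`, which reports what would be published; failing the release job when `auditPackage` returns any finding keeps the check from depending on someone remembering it.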

Why This Matters

Claude Code isn't just a chatbot in your terminal. It's Anthropic's $20/month "AI engineer" that reads your codebase, runs commands, edits files, and even spawns helper agents to work in parallel. It's proprietary software from a $61.5 billion AI company, and suddenly everyone could see how it works.

The leak matters for three reasons:

  1. Transparency: We can now see exactly how frontier AI tools are built, not marketing slides, but real production code
  2. The roadmap: Hidden "feature flags" revealed 44 unreleased features Anthropic is testing
  3. The irony: Anthropic, the "safety-first" AI company, made a basic operational mistake

What Was Inside

The leaked codebase contains approximately 1,900 files and 512,000 lines of TypeScript. Here's what developers found:

The Architecture

Imagine Claude Code as a very smart assistant with a specific workflow:

  • You ask it to do something
  • It decides which "tools" to use (reading files, running terminal commands, searching your code)
  • It executes them and shows you results
  • It loops until the job is done

The code reveals sophisticated but understandable engineering: well-structured, professional, and built with Bun (a fast JavaScript runtime) and React for the terminal interface.

The Secret Features

Most interesting were the feature flags—switches that let companies test new features with small groups. The leak revealed 44 unreleased features:

Feature | What It Does
KAIROS ("Always-On Claude") | An AI that doesn't wait for you to ask, it watches your work and proactively helps
AutoDream | Background "memory consolidation" that processes your sessions while you're away
BUDDY | A fully-implemented Tamagotchi-style pet with 18 species, gacha mechanics, and a "petting" system
Undercover Mode | Prevents Anthropic employees from accidentally revealing internal info when contributing to open-source projects
Penguin Mode | Internal codename for "Fast Mode"

The BUDDY feature is particularly charming: a digital pet living in your terminal, complete with species like "Nebulynx" and "Quantumble" that you unlock through a gacha system. It's either delightful or bizarre that a serious AI coding tool includes virtual pets, but it humanizes the command line.

The Technical Easter Eggs

For developers, the leak revealed internal model codenames like "Tengu" (Haiku), "Capybara" (Sonnet), and "Titan" (Opus). There's also a sophisticated three-layer memory system designed to solve "context entropy", the problem where AI agents lose track of what they're doing during long tasks.

The Irony

What makes this story notable is who leaked the code. Anthropic built its reputation on AI safety, careful deployment, and thinking through long-term consequences. Their CEO wrote a 15,000-word essay on responsible AI development.

Yet the leak happened because of the most basic mistake in software packaging. Not a sophisticated cyberattack. Not an insider threat. A checkbox.

Worse, this was a repeat mistake: Anthropic had a similar source map leak in February 2025 that was supposedly patched. The fix didn't stick.

Claude Code source has been available for 13 months, and nothing happened — why?

The full source code of Claude Code has been in the npm package since February 2025. Researchers extracted the roadmap, prompts, and hidden features — yet the product keeps growing.


What Happens Now

As of March 31st, Anthropic hasn't issued a public statement. The source code has been mirrored across GitHub and downloaded by countless developers. You can't unring this bell.

For the AI community, this is an unexpected transparency gift. Academics will study the architecture. Competitors will learn from the patterns. Open-source alternatives will incorporate these designs.

For Anthropic, it's a humbling reminder that in software, the line between "secure" and "exposed" is often one configuration file. Even the most safety-conscious organizations have operational blind spots.

And for the rest of us? We got a fascinating glimpse into the future that was already being built, one feature flag at a time.


The original discovery was made by security researcher Chaofan Shou on March 31, 2026.


If you’re interested in other high-profile developer tool incidents, check out my breakdown of the Axios hack: what happened and what you need to know, which highlights another case where a small misconfiguration had major security implications.

The Axios Hack: What Happened and What You Need to Know

On March 31, 2026, attackers briefly compromised Axios, a tool used in millions of websites. Here's what happened in plain English, and what you should check right now.
