https://xcancel.com/Fried_rice/status/2038894956459290963
Related ongoing thread: The Claude Code Source Leak: fake tools, frustration regexes, undercover mode - https://news.ycombinator.com/item?id=47586778
I couldn't tell from the title whether it was the client or the server code (although map file and NPM were hints). Looks like the client code, which is not as exciting.
Isn't it open source?
Or is there an open source front-end and a closed backend?
And this is what happens when you don’t take security seriously folks and instead just rush out vibecoded features without proper QA.
Many comments about code quality being irrelevant.
I'd agree if it was launch-and-forget scenario.
But this code has to be maintained and expanded with new features. Things like lack of comments, dead code, meaningless variable names will result in more slop in future releases, more tokens to process this mess every time (like paying tech-debt results in better outcomes in emerging projects).
They do have a couple of interesting features that have not been publicly heard of yet:
Like KAIROS, which seems to be like an inbuilt AI assistant, and Ultraplan, which seems to enable remote planning workflows, where a separate environment explores a problem, generates a plan, and then pauses for user approval before execution.
/*
 * Check if 1M context is disabled via environment variable.
 * Used by C4E admins to disable 1M context for HIPAA compliance.
 */
export function is1mContextDisabled(): boolean {
  return isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_1M_CONTEXT)
}
Interesting, how is that relevant to HIPAA compliance?
Are there any interesting/unique features present in it that are not in the alternatives? My understanding is that it's just a client for the powerful LLM.
Releasing a massive feature every day has a cost!
unreliability becomes inevitable!
Fascinating, it appears now anyone can be Claude!
Though I wonder how the performance differs from creating your own thing vs using their servers...
tools/bashSecurity.ts is a hacker's goldmine. Sooo many exploit patterns detailed in there!!
Anthropic team does an excellent job of speeding up Claude Code when it slows down, but for the sake of RAM and system resources, it would be nice to see it rewritten in a more performant framework!
And now, with Claude on a Ralph loop, you can.
Think It's just the CLI Code right? Not the Model's underlying source. If so - not the WORST situation (still embarrassing)
Who cares? It's JavaScript; if anyone were even remotely motivated, deobfuscation of their "closed source" code is trivial. It's silly that they aren't just doing this open source in the first place.
Did it happen due to Bun?
I am waiting now for someone to make it work with a Copilot Pro subscription.
Does this matter? I think every other agent cli is open source. I don’t even know why Anthropic insist upon having theirs be closed source.
I guess it's time for Anthropic to open source Claude Code.
source maps leaking original source happens surprisingly often. they're incredibly useful during development, but it's easy to forget to strip them from production builds.
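An added example (not part of the thread, and not code from any project discussed in it): a pre-publish audit for the failure mode the comment above describes, flagging `.map` files that embed `sourcesContent` and bundles that still carry a `sourceMappingURL`. The function names and the `SAMPLE` package contents are hypothetical and constructed for illustration.

```javascript
// Added example: audit the files of a built package for source maps that ship original source.
// All names here are hypothetical; SAMPLE is constructed for illustration.
const MAP_REF = /\/[\/*][#@]\s*sourceMappingURL=(\S+)/;

// Classify one packaged file; returns a finding or null.
function inspectFile(path, content) {
  if (path.endsWith('.map')) {
    let map;
    try { map = JSON.parse(content); } catch { return { path, issue: 'unparseable-map' }; }
    // sourcesContent embeds the full original files, not just position mappings.
    const embedded = Array.isArray(map.sourcesContent) &&
      map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
    return { path, issue: embedded ? 'map-with-sourcesContent' : 'map-without-sources' };
  }
  if (!/\.[cm]?js$/.test(path)) return null;
  const m = MAP_REF.exec(content);
  if (!m) return null;
  // A data: URI means the whole map is inlined in the bundle itself.
  return { path, issue: m[1].startsWith('data:') ? 'inline-map' : 'map-reference', target: m[1] };
}

// files: { relativePath: content }. Returns findings, most serious first.
function auditPackage(files) {
  const rank = ['map-with-sourcesContent', 'inline-map', 'unparseable-map',
    'map-without-sources', 'map-reference'];
  return Object.entries(files)
    .map(([p, c]) => inspectFile(p, c))
    .filter(Boolean)
    .sort((a, b) => rank.indexOf(a.issue) - rank.indexOf(b.issue));
}

// Read a directory tree (for example an unpacked `npm pack` tarball) into that shape.
async function loadDir(root, rel = '', out = {}) {
  const fs = await import('node:fs');
  for (const e of fs.readdirSync(`${root}/${rel}`, { withFileTypes: true })) {
    const p = rel ? `${rel}/${e.name}` : e.name;
    if (e.isDirectory()) await loadDir(root, p, out);
    else if (e.isFile()) out[p] = fs.readFileSync(`${root}/${p}`, 'utf8');
  }
  return out;
}

const SAMPLE = { // constructed package contents
  'package.json': '{"name":"example-cli","version":"0.0.0"}',
  'cli.js': 'run();\n//# sourceMappingURL=cli.js.map\n',
  'cli.js.map': JSON.stringify({ version: 3, sources: ['../src/main.ts'],
    sourcesContent: ['export const run = () => {};'], mappings: 'AAAA' }),
  'vendor.js': 'x();\n//# sourceMappingURL=data:application/json;base64,e30=\n',
  'lib/util.js': 'exports.noop = () => {};\n',
};
```

In a release pipeline, call `auditPackage(await loadDir(dir))` on the unpacked tarball and fail the build on any `map-with-sourcesContent` or `inline-map` finding.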
In the app, it now reads:
> current: 2.1.88 · latest: 2.1.87
Which makes me think they pulled it - although it still shows up as 2.1.88 on npmjs for now (cached?).
Looking forward to someone patching it so that it works with non Anthropic models.
It shows that a company you and your organization are trusting with your data, and allowing full control over your devices 24/7, is failing to properly secure its own software.
It's a wake up call.
I read it with a different flavor. Is it possible that Mythos did all of this? I mean, life has always been finding a way, hasn't it? The first cry of cyber-life?
Undercover mode is pretty interesting and potentially problematic: https://github.com/sanbuphy/claude-code-source-code/blob/mai...
I've never understood this convention (common on HN, some news orgs, and elsewhere), that, when there's an IP breach, it's suddenly fair game for everyone else to go through the IP, analyze and comment on it publicly, etc.
That idea list is super cute. I like the Tamagotchi idea. Somehow the candidness of that file makes it seem like Anthropic would be an easy place to work at.
Maybe now someone will finally fix the bug that causes claude code to randomly scroll up all the way to the top!
Maybe everyone should slow the fuck down - https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing...
Now waiting for someone to point Codex at it and rebuild a new Claude Code in Golang to see if it would perform better
The more I think about this, the more it seems they're not talking about linker map files[1]....
[1] https://www.tasking.com/documentation/smartcode/ctc/referenc...
I hope everyone provides excellent feedback so they improve Claude Code.
The autoDream feature looks interesting.
Bad day for the node/npm ecosystem.
Just a client side written in JS, nothing to see here, the LLM is still secret.
They could have written that in curl+bash that would not have changed much.
400k lines of code per scc
Why is Claude Code, a desktop tool, written in JS? Is the future of all software JS or Typescript?
I have 705 PRs ready to go :)
time to remove its copyright through malus.sh and release that source under MIT
Can we stop referring to source maps as leaks? It was packaged in a way that wasn’t even obfuscated. Same as websites - it’s not a “leak” that you can read or inspect the source code.
There are some rollout flags - via GrowthBook, Tengu, Statsig - though I'm not sure if it's A/B or not
I wonder what will happen with the poor guy who forgot to delete the code...
wondering whether it was a human mistake or a CLAUDE model error.
today being March 31st, is this a genuine issue or just perfectly timed April Fools noise? What do you think?
Is it not already a node app? So the only novel thing here is we know the original var names and structure? Sure, sometimes obfuscated code can be difficult to intuit, but any enterprising party could eventually do it -- especially with the help of an LLM.