Epic leak! 512,000 lines, Claude Code source code has been open-sourced!

Epic leak! 512,000 lines, Claude Code source code has been open-sourced!

```

Anthropic has suffered what is arguably the largest code leak in the industry. The complete source code of Claude Code was made fully available to the public due to a low-level packaging mistake. Over 510,000 lines of TypeScript code, more than 40 utility modules, and several unreleased core features have been exposed to developers worldwide.

This is an accident, but also a warning. Although the leak did not affect the core Claude model weights or user data, it fully exposed the internal architectural logic, system prompt design, and tool invocation mechanisms of Claude Code, along with unreleased features and potential security logic.

Industry insiders believe that this event will substantially lower the knowledge threshold for engineering AI Agents and accelerate competitive evolution in the developer ecosystem.

It's worth noting this is not Anthropic's first such mistake. In February 2025, an earlier version of Claude Code was exposed due to a similar source map oversight. This latest incident further raises questions about the software supply chain security maturity of the $18 billion AI star company.

A .map file triggers the leak of 510,000 lines of code

Blockchain security company Fuzzland researcher Chaofan Shou first disclosed the incident on X. The official Anthropic npm package @anthropic-ai/claude-code version 2.1.88 accidentally included a cli.js.map file of about 60MB.

Inside the cli.js.map file, there are two key arrays: sources (file path list) and sourcesContent (the complete source code for each, indexed correspondingly). This means anyone can download this JSON file and fully extract all original code, with very low technical barriers.

Analysis shows that the source map file contains contents from 4,756 source files, 1,906 of which are Claude Code's own TypeScript/TSX files, while the other 2,850 are node_modules dependencies. Total code exceeds 512,000 lines.

Within hours of the exposure, mirror repositories on GitHub quickly surpassed 5,000 stars. Anthropic has removed the source map from the npm package. However, early npm versions have been archived by many parties, and the content continues to circulate in developer communities.

Full architecture exposed for the first time

Restored source code has provided the external world with the most complete view yet of the Claude Code architecture.

Code shows that Claude Code uses React and Ink frameworks to build its terminal interface, runs on the Bun runtime, and is centered around a REPL loop supporting natural language input and slash commands, interacting at the backend with tool systems and LLM APIs.

At the tool level, there are more than 40 independent modules covering file reading/writing, Bash command execution, LSP protocol integration, and sub-agent generation capability—essentially forming a fully functional "universal toolbox."

For inference, a core file called QueryEngine.ts containing 46,000 lines handles inference logic, token counting, and all "chain of thought" loops.

In multi-agent aspects, the leaked code showed a coordinator module and a bridge module—the latter connects VS Code and JetBrains IDEs, indicating Claude Code already supports multi-machine collaboration and deep engineering embedding in development environments.

Unreleased features appear by accident

Among the leaked content, the most attention has gone to several features that have never been publicly released.

The mode code-named Kairos is particularly notable—it represents a persistent autonomous daemon supporting background sessions and memory consolidation. This means Claude can run as a resident background AI agent, continually handling tasks and building understanding of projects.

There is also a "Buddy System" embedded in the code—an electronic pet system containing 18 species, rarity levels, shiny variants, and stats—clearly the product of Anthropic engineers' playful spirit, sitting side-by-side with core architecture.

In mode design, the code reveals "Coordinator Mode," which allows Claude to schedule parallel subordinate agents, and "Auto Mode," an AI tool permission classifier aiming to simplify operation approval flows.

Additionally, a feature named "Undercover Mode" sparked controversy. According to the code, when Anthropic employees work in public repositories, this mode auto-activates, erasing AI-related traces from commit records and cannot be manually disabled.

Security risks and supply chain warnings

Security researchers point out that while the leak did not directly involve model weights or user private data, potential risks can't be ignored.

Reports indicate the leak fully exposed internal security logic, and may reveal attack vectors like server-side request forgery (SSRF), providing entry points for further security research. The open-source community is already exploring forks and testing combinations with other agent frameworks based on the leaked code.

Considering industry context, npm is the world’s biggest JavaScript package repository, handling millions of daily downloads. Such packaging mistakes highlight the need for companies to strengthen source file review in CI/CD pipelines, even while pursuing rapid release cycles.

A direct warning for all npm package publishers: check for .map files before releasing. Just one sourcesContent field can disclose the complete source code.

The Agent ecosystem may hit an accelerated turning point

From an industry impact perspective, the significance of this event may go beyond being a mere technical accident.

The full engineering implementation of a top AI Agent has been disclosed unexpectedly, noticeably lowering the knowledge barrier for the field. Developers can directly refer to Claude Code’s architectural design, prompt logic, and tool invocation for learning and imitation, shortening the independent R&D exploration cycle.

At the same time, the event also demonstrates Anthropic’s accumulated engineering expertise in Agent development—whether it’s multi-agent coordination or persistent daemon design, all exceed competing products in engineering depth.

As an ecosystem expansion tool, Claude Code mainly targets professional developers, competing with GitHub Copilot, Cursor, and other AI coding assistants. Whether the release of its source code will accelerate collective innovation in AI Agent architectures under increased competition is being closely watched.

Risk warning and disclaimerThe market involves risks. Investments require caution. This article does not constitute individual investment advice and does not take into account special investment objectives, financial status, or needs of individual users. Users should assess whether any opinions, views, or conclusions in this article are suitable for their specific situation. Investment based on this is at your own risk. ```