>_KrakaTech
TechnologyMar 31, 2026· 3 min read

Claude Code: the source code exposed due to a forgotten debug file in the distribution package

The complete source code of Claude Code, Anthropic's command-line tool for AI-assisted programming, has ended up online due to an error in the software packaging process. This was discovered by security researcher Chaofan Shou, who reported the finding on X: a single debug file of about 57 MB, inadvertently left in the official distribution package, made the entire readable TypeScript source code accessible, downloadable directly from Anthropic's cloud storage. This is not an intrusion: Anthropic distributed its own source code, albeit inadvertently.

How the Error Works

Source map files are debugging tools that link the compiled and minified code to the original code written by developers: they belong to internal development environments, not to packages intended for public use. In the case of Claude Code, this file ended up in the public release of the official package distributed via npm, the centralized registry from which developers download JavaScript libraries. This file contained a direct reference to an Anthropic cloud storage space, from which the complete source archive could be downloaded. According to CyberSecurityNews, the file contains 4,756 total sources: 1,906 belong to the actual Claude Code written in TypeScript, while the remaining 2,850 come from the third-party libraries included in the project. The total exceeds 512,000 lines of code.

What is Now Visible to Everyone

Claude Code functions as an autonomous command-line agent: the user assigns it a programming goal, and the system autonomously plans and executes the necessary operations. It reads files, writes code, runs tests, manages the development environment, and communicates directly with Anthropic's models.

By sifting through the leaked code, the community has already mapped its main components. There is a 46,000-line request management engine that coordinates all calls to the model, the real-time flow of responses, caching, and communication between the tool and Anthropic's servers. A system for coordinating multiple AI agents is also visible, managing parallel work sessions, integration with development environments via a bidirectional communication channel, and the complete pipeline for managing context and memory. Even the telemetry to Datadog is now readable line by line by anyone who downloaded the archive.

Among the most discussed details, features that have not yet been announced emerge: an internal mode called Kairos and an assistance system named Buddy that generates a custom behavior profile for users. There is also a feature called Undercover Mode: it ensures that while Claude works on code, it doesn't leave written traces of the secret names of its internal projects. The code had already been copied and replicated to dozens of public repositories on GitHub before Anthropic could intervene.

"Claude code source code has been leaked via a map file in their npm registry!" Code link
Chaofan Shou (@Fried_rice)
March 31, 2026

It should be stated clearly: the exposure concerns the logic of the command-line program, not the internal model parameters or the users' data or conversations. No direct risk to those using Claude. However, internal architecture, permission management logic, protection barriers, and telemetry data of the tool are now in the public domain and accessible to anyone, including competitors.

The Second Incident in Five Days

This episode comes just five days after another similar case: an error in the configuration of the content management system of the Anthropic site exposed around 3,000 unpublished internal resources, including drafts of articles, PDF documents, and details about Claude Mythos, the company's upcoming flagship model.

← OlderBYD Laid Off 100,000 People in 2025, But Is Far from Being in CrisisNewer →CMF Buds 2 vs Nothing Ear (a): two trendy wireless earbuds on sale on Amazon starting at €31