The Claude Code Leak Spotlight Cards
10 cards (intro + 9)
SOURCE CODE LEAK
The Claude Code Leak
How a forgotten source map exposed 512,000 lines of Anthropic's most guarded code
@worldincards
The Leak
On March 31, 2026, Anthropic pushed a routine update to npm. One problem: it included a 59.8 MB source map that pointed to a zip of the full, unminified source code on Cloudflare R2. Within 30 minutes, the reconstructed repo had thousands of stars.
Lines of code exposed
1,906 TypeScript files containing the entire Claude Code source
Source map file size
A .map file meant for internal debugging, accidentally shipped to npm
GitHub stars in hours
Mirrors spread instantly, with 82,000+ forks before takedowns began
The Source Map
Source maps link minified production code back to readable source. When Anthropic forgot to exclude cli.js.map from version 2.1.88, the effect was the equivalent of publishing a book with all drafts, annotations, and internal notes attached.
The guilty version
Claude Code npm package published on March 31, 2026
Time it happened
A nearly identical source map leak happened in February 2025
grep would have caught it
A single CI check for .map files in the build output was all it needed
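The CI check this card describes, as an added example rather than Anthropic's own build tooling: a POSIX shell gate that fails the build when the directory about to be published contains a .map file or a JavaScript bundle that still carries a sourceMappingURL comment pointing at one. The directory argument and its "dist" default are assumptions.

```shell
#!/bin/sh
# Added example (not from the leaked code base or Anthropic's CI).
# Usage: find_source_map_leaks [dir]   -- dir defaults to "dist" (assumed layout).
# Exit 0 when the tree is clean, 1 when a map or a map reference is found,
# 2 when the directory does not exist (a missing output dir must not pass silently).
find_source_map_leaks() {
    dir="${1:-dist}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # 1. Any .map file shipped inside the publish tree.
    maps=$(find "$dir" -type f -name '*.map' 2>/dev/null)

    # 2. Any .js bundle that still references a map, whether the map sits
    #    next to it, on a CDN, or inline as a data: URL. Debuggers follow
    #    this comment, so a stale reference leaks the map's location even
    #    when the .map file itself was stripped from the package.
    refs=$(find "$dir" -type f -name '*.js' \
        -exec grep -l 'sourceMappingURL=' {} + 2>/dev/null)

    [ -n "$maps" ] && printf 'source map shipped:\n%s\n' "$maps"
    [ -n "$refs" ] && printf 'sourceMappingURL reference in:\n%s\n' "$refs"

    # Clean only if both lists are empty.
    [ -z "$maps" ] && [ -z "$refs" ]
}
```

Run it against the staged package contents (for npm, the files selected by the "files" field in package.json or left after .npmignore) before `npm publish`, so a stray map fails the pipeline instead of reaching the registry.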
KAIROS Daemon
"Autonomous daemon with permanent life." KAIROS is a persistent background agent architecture that turns Claude Code from a tool you invoke into an always-on agent that watches, logs, and acts on its own, even when your terminal is closed.
Runs continuously
Background sessions that operate without any user interaction
Blocking budget
Proactive actions that would block the user longer than 15 seconds get deferred
References in source
KAIROS is mentioned over 150 times across the leaked codebase
Undercover Mode
The most controversial revelation. When Anthropic employees contribute to public open-source repos, Undercover Mode automatically erases all AI traces from commits. No markers. No attribution. It cannot be manually disabled.
Activates automatically
Enabled by default for Anthropic employee contributions to public repos
AI traces left behind
Scrubs model codenames and AI attribution from git commits and PRs
After Newsom's AI watermark order
California mandated AI watermarking on March 30, the day before the leak
BUDDY Pet
A fully implemented Tamagotchi-style terminal pet hidden behind a feature flag. Complete with 18 species, rarity tiers, shiny variants, and five stats. An internal joke that grew into real code, or a morale feature? Nobody outside Anthropic knows.
Species available
Including capybara, axolotl, and ghost
Legendary drop rate
Rarity tiers from common all the way to legendary
Stats per pet
DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNACK
Anti-Distillation
A system that injects fake tool definitions into API requests. If a competitor intercepts and trains on those requests, the decoy data corrupts their model. It is poisoned training data by design: a DRM-like defense for AI outputs, never before seen in production.
Tool definitions injected
Decoy API schemas designed to corrupt competitor training data
Known use in production code
First time anti-distillation defenses have been seen from a major AI lab
For AI outputs
A digital rights management approach applied to model behavior
Coordinator Mode
A native multi-agent architecture where a master Claude breaks your task into subtasks, spawns parallel worker Claudes, and synthesizes their results. You talk to one Claude. Behind the scenes, five are working.
Claude you see
The user interacts with a single master agent
Claudes working
Parallel worker agents handle subtasks behind the scenes
Built into Claude Code
Not a plugin or extension, wired directly into the core orchestration
The Typosquats
Within hours of the leak, attackers registered npm packages mimicking internal Claude Code dependency names. They are empty stubs for now, but this is the classic setup for a supply chain attack: wait for unsuspecting installs, then push a malicious update.
Fake packages registered
audio-capture-napi, color-diff-napi, image-processor-napi, and more
Time to first squat
Attackers moved within hours of the source code becoming public
As the Axios hack
The Axios npm supply chain attack hit just hours before the leak
The Aftermath
Anthropic pulled v2.1.88 from npm and issued DMCA takedowns against 8,000+ GitHub mirrors. But the code lives on across non-US hosts and torrents. This was Anthropic's second accidental leak in five days, after a CMS exposure revealed details about Claude Mythos.
DMCA takedowns
GitHub repos targeted after mirrors proliferated worldwide
Days between leaks
A CMS leak on March 26 exposed Claude Mythos details before the npm leak
Hidden feature flags
Over 20 fully built features that were never shipped to users