Claude Code source code leaks via npm packaging error
Anthropic accidentally published the full TypeScript source code for its flagship agentic CLI tool, Claude Code, after version 2.1.88 was uploaded to npm with a 60MB source map file. The leak revealed internal model codenames, unreleased autonomous "daemon" features, and proprietary engineering logic used to manage million-line codebases.
This high-profile "source map in production" blunder offers an unprecedented look into Anthropic's agentic roadmap and internal dogfooding strategies. The leaked code reveals KAIROS, an unreleased autonomous mode where the agent runs as a persistent background process, and an undercover.ts utility designed to mask the agent's identity in public repositories. Beyond unreleased features like a hidden terminal-based virtual pet, teardowns uncovered a compaction bug that wasted roughly 250,000 API calls daily before being patched in the latest version.
DISCOVERED
11d ago
2026-03-31
PUBLISHED
11d ago
2026-03-31
RELEVANCE
AUTHOR
Theo - t3․gg