Claude Code tarball sparks leak chatter

The real story is less a leak than a packaging artifact, but the reaction shows how blurry the Claude / Claude Code distinction still is for many people.

• –`npm pack` is useful for reproducibility, inspection, and version pinning; it does not imply model weights or private infrastructure were exposed.
• –The thread is a reminder that AI tool names travel faster than context, so package archives can trigger outsized speculation.
• –Claude Code remains a hosted coding agent; pulling a tarball from npm does not make the underlying model runnable locally.
• –For developers, the interesting angle is version archaeology: comparing published package contents can reveal behavior changes, CLI workflows, and release discipline.