On March 31, 2026, a misconfiguration in an npm package inadvertently led to the leak of Anthropic’s programming tool, Claude Code’s source code. The incident was initially reported on the social platform X by Chaofan Shou, an intern at blockchain infrastructure firm Solayer, who shared a link to a downloadable compressed file of the source code. This file was stored on Anthropic’s R2 cloud storage. The leaked code comprises around 1,900 TypeScript files, totaling more than 512,000 lines, encompassing the entire codebase, tools, commands, and several yet-to-be-released features of Claude Code.

Following the leak, Anthropic quickly updated the npm package, removing the source map files. However, by that time, the open-source community had already mirrored the source code to GitHub, where it attracted significant attention.

The leaked code sheds light on the core architecture of Claude Code, including vital components such as the QueryEngine, multi-Agent collaboration system, Memory system, and IDE Bridge. Additionally, it exposes several unreleased hidden features, such as the autonomous daemon mode KAIROS and the electronic pet system Buddy System.

While Anthropic has yet to issue an official public statement regarding the incident, the leak is expected to have far-reaching consequences for the field of AI programming assistants.