Claude Code Big Leak

«A company that spent years protecting its code as a state secret leaked it through one npm publish at four in the morning»

Anthropic just made Claude Code open source. By accident

Yes, I know what today’s date is. No, this is not a joke. Believe me, I checked it three times myself — because when you read “Anthropic leaked all the source code of Claude Code” on April first, the first reaction is completely logical: someone started celebrating early. But it’s not someone. It’s Anthropic. And they weren’t celebrating.

April 1, 2026. Anthropic — a company valued at $380 billion, which built its entire narrative around safety first and closed code — accidentally published the complete source code of Claude Code in an NPM package.

I found out about it in the morning when I routinely opened Claude Code to work. Within an hour, my X and Threads turned into a solid stream of screenshots, forks, and memes. Someone had already managed to rename the company to Anslopic — a play on words with AI slop that hit the mark perfectly. 390,000 lines of TypeScript — everything Anthropic hid for years as “secret sauce” — scattered across the internet faster than they could wake up in San Francisco.

How it happened: source maps in production

Version 2.1.88 of the Claude Code package on NPM contained a file that should never have left the dev environment — a 57-megabyte source map. For a non-technical audience: a source map is a file that links minified, unreadable code to the original source code. It’s used for debugging during development. In production, it’s not needed. And if it gets into production — congratulations, you just published all your source code.
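
A pre-publish check for the failure described above, as an added example (not code from Anthropic, Bun or the original post): it inspects the files that would go into an npm tarball and reports source maps whose `sourcesContent` field carries the original sources verbatim. The function names and the sample package are constructed for illustration.

```javascript
// Added example: audits the files that would go into an npm tarball for source-map exposure.
// `files` is [{ path, content }]; in practice, build it from the file list of `npm pack --dry-run`.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/;

function inspectMap(path, text) {
  let map;
  try { map = JSON.parse(text); } catch { return null; }   // not a JSON source map
  if (!map || !Array.isArray(map.sources)) return null;
  const embedded = (map.sourcesContent || []).filter((s) => typeof s === 'string');
  return {
    path,
    sources: map.sources.length,
    embeddedSources: embedded.length,                        // originals shipped verbatim
    embeddedBytes: embedded.reduce((n, s) => n + s.length, 0),
  };
}

function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      const info = inspectMap(path, content);
      if (info) findings.push({ kind: 'map-file', ...info });
      continue;
    }
    if (!/\.(c|m)?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(content);
    if (!m) continue;
    // An inline map is a base64 data: URI; anything else points at a separate map file.
    const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(m[1]);
    if (inline) {
      const info = inspectMap(path, Buffer.from(inline[1], 'base64').toString('utf8'));
      if (info) findings.push({ kind: 'inline-map', ...info });
    } else {
      findings.push({ kind: 'map-reference', path, target: m[1] });
    }
  }
  return findings;
}

// Constructed sample package: a bundle, its external map, and a bundle with an inline map.
const original = 'export function secretSauce() { return 42; }\n';
const map = JSON.stringify({ version: 3, sources: ['../src/sauce.ts'], sourcesContent: [original], mappings: '' });
const samplePackage = [
  { path: 'package.json', content: '{"name":"demo-cli","version":"0.0.0"}' },
  { path: 'cli.js', content: 'function a(){return 42}\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: map },
  { path: 'worker.mjs', content: 'a();\n//# sourceMappingURL=data:application/json;base64,' + Buffer.from(map).toString('base64') + '\n' },
];
console.log(auditPackageFiles(samplePackage));
```

Failing the release job whenever this returns a `map-file` or `inline-map` finding with `embeddedSources` above zero turns the mistake into a blocked publish.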

The first to notice was Chaofan Shou — a security researcher from Solayer Labs. Within minutes, the code was being mirrored, forked, and analyzed all over the world.

How did the source map end up in the package? Claude Code is built on BunJS — a JavaScript runtime that Anthropic recently acquired. Bun has a known bug with server source maps in production, but Jared Sumner — the creator of Bun and now an Anthropic employee — confirmed that Claude Code doesn’t use bun serve, so this bug isn’t relevant here.

Theo from the t3.gg channel has his own theory: a few days before the leak, Anthropic was actively fighting rate limit issues in Claude Code. Several employees publicly wrote that they were investigating abnormally high numbers. It makes perfect sense that someone decided to enable more detailed logs — and accidentally packed source maps into the release build. One npm publish — and “secret sauce” became public domain.

Anthropic’s official response: “This was a packaging error caused by human error, not a security breach”. Theo sarcastically noted: interesting that a company building AI agents for code writing emphasizes human error.

DMCA hurricane and Theo in the crosshairs

Anthropic’s legal team responded the way all legal teams do — with DMCA requests. Hundreds of requests. Possibly thousands. They started taking down repositories on GitHub, blocking mirrors, demanding file removal from Cloudflare R2.

But the code had already scattered. You don’t swing fists after a fight — but Anthropic’s lawyers apparently haven’t heard this proverb.

Even those who simply forked the official Claude Code repository on GitHub got it — the same one that doesn’t contain the source code. Just forked a public repo — and received a DMCA. Theo called it “the world record speed run for the most false DMCA takedowns”.

Theo himself also got caught in the crossfire. His stream was titled — simply and eloquently: “I got DMCA’d by Anthropic…”. Anthropic’s lawyers, who should have been dealing with strategy, instead find themselves fighting bloggers discussing publicly available information.

What Anthropic was hiding all this time

And now to the most interesting part. What was Anthropic hiding all this time?

Fireship from The Code Report described it aptly: Claude Code is essentially “dynamic prompt sandwich, glued together with TypeScript”. Not alien magic technology, but basic programming concepts that have existed for 50 years, plus a bunch of prompt spaghetti.

Here’s what they found:

  • Hardcoded instructions — file after file of massive text strings that literally beg Claude to be a “good boy”. Tons of instructions and guardrails baked right into the code
  • Anti-distillation poison pills — a system to protect against being copied by competitors. Claude Code pretends to have tools that don’t actually exist. If someone trains their model on Claude outputs — it learns to work with fake tools and becomes worse. Clever, but now everyone knows there are only about 25 real tools
  • Undercover mode — a set of instructions that prohibit Claude from mentioning itself in commit messages. The goal — to make the code look as “human” as possible. Officially — to prevent model name leaks. Unofficially — so Anthropic employees could inconspicuously contribute to open source projects through Claude Code
  • Frustration detector — a regex frustration detector. Yes, a state-of-the-art AI model uses a simple regular expression that searches your prompt for keywords like “shit”, “fuck” and others. Finds it — logs the event in analytics. Simple, with nothing supernatural about it
  • Bash tool — over 1000 lines of code for reliable bash command parsing and execution. Possibly the most important component of the entire product

Hidden features: from Tamagotchi to “God’s Time”

In addition to current functionality, the code contained a bunch of unreleased features under feature flags:

  • Buddy — a Tamagotchi companion that was supposed to “hatch” inside Claude Code between April 1-7. This was probably an April Fools’ joke from Anthropic. They probably won’t release it now
  • Dream Mode — background agents that automatically review your past sessions and consolidate memory while you sleep. The idea is for Claude Code to better adapt to your style without additional instructions
  • Coordinator Mode — one instance of Claude Code launches multiple workers in parallel, each with full tool access but specific tasks. Essentially — a manager distributing work to subordinates
  • Ultra Plan and Ultra Review — modes for long complex tasks via remote agents. Ultra Review — automatic code review with billing control. Anthropic previously announced code review at approximately $25 per PR — now it’s clear where that number came from
  • Kairos — a Greek word meaning “precise moment in time” or “God’s time”. It’s an always-on background agent that asks itself every few seconds: “Is there anything worth doing right now?” It can make changes, push notifications, edit files, create PRs and automatically update them when someone leaves feedback. Essentially — Claude Code working even when you’re not

Fireship also found references to Opus 4.7 and a new model codenamed Capybara — possibly the recently teased Mythos.

The irony: Anthropic couldn’t reveal Kairos at the “precise moment” it chose. Instead — the moment chose for it.

Code quality: 7 out of 10 — but the reviewer is somewhat biased

Theo asked Claude Code (yes, the leaked one itself) to rate the quality of the leaked code. The result — 7 out of 10. Possibly a somewhat biased assessment.

More specifically:

  • Type safety — solid. Only 38 instances of any across 500+ files
  • Async patterns — modern. 258 .then() chains, zero callback hell
  • Linting — they use Biome, 248 rule ignores
  • God files — files with 5000+ lines. That’s too much
  • Feature flags — over 1000 references to GrowthBook scattered across 250 files. Chaos
  • Environment variables — a mess. On Linux, Claude Code falls back to plain text for credential storage. Tokens are logged for debugging. There is no centralized secret sanitization before logging
  • No tests — but that’s likely due to the nature of source maps, which don’t include test files
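
What the missing "centralized secret sanitization before logging" from the environment variables item could look like, as an added example (not taken from the leaked code or the original post): every log call passes through one sanitizer that masks sensitive keys, authorization headers and known secret values. All names, the key-name pattern and the token value are constructed for illustration.

```javascript
// Added example: one sanitization choke point that every log call passes through.
const SENSITIVE_KEY = /(token|secret|password|passwd|api[-_]?key|authorization|cookie)/i;
const AUTH_SCHEME = /\b(Bearer|Basic)\s+[A-Za-z0-9._~+\/=-]+/g;

function createSanitizer(knownSecrets = []) {
  // Known secret values (e.g. read from the environment at startup) are masked wherever they appear.
  const secrets = knownSecrets.filter((s) => typeof s === 'string' && s.length >= 8);
  const scrubString = (s) => {
    let out = s.replace(AUTH_SCHEME, '$1 [REDACTED]');
    for (const secret of secrets) out = out.split(secret).join('[REDACTED]');
    return out;
  };
  const walk = (value, seen) => {
    if (typeof value === 'string') return scrubString(value);
    if (value === null || typeof value !== 'object') return value;
    if (seen.has(value)) return '[Circular]';   // cycle guard (also collapses repeated references)
    seen.add(value);
    if (value instanceof Error) return { name: value.name, message: scrubString(value.message) };
    if (Array.isArray(value)) return value.map((v) => walk(v, seen));
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEY.test(k) ? '[REDACTED]' : walk(v, seen);
    }
    return out;
  };
  return (value) => walk(value, new WeakSet());
}

function createLogger(sink, sanitize) {
  // The raw sink is captured here and never exposed, so callers cannot bypass sanitization.
  return (event, fields = {}) => sink(JSON.stringify(sanitize({ event, ...fields })));
}

// Constructed sample: a debug log call that carries a credential in three different places.
const fakeToken = 'tok_constructed_0123456789';
const lines = [];
const log = createLogger((line) => lines.push(line), createSanitizer([fakeToken]));
log('api_request', {
  url: 'https://api.example.invalid/v1/messages?key=' + fakeToken,
  headers: { Authorization: 'Bearer ' + fakeToken, 'content-type': 'application/json' },
  error: new Error('401 for token ' + fakeToken),
});
console.log(lines[0]);
```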

390,000 lines of TypeScript. For comparison — OpenAI’s Codex, which was open source from the start, contains 515,000 lines of Rust code.

An interesting detail: in the Claude Code source, they found references to OpenCode — an open source competitor. Anthropic was copying OpenCode’s behavior for things like scrolling. So a closed company was peeking at open projects, not the other way around.

Forks, rewrites, and an army of clones

The open source community responded instantly. claude-code-fork appeared — a fork of the leaked code that immediately gained tens of thousands of stars on GitHub.

In parallel, openclaude appeared — a fork that works with any model. GPT, Gemini, local models — everything. Essentially, Claude Code without Anthropic.

Someone even tried to create a pull request to the official Claude Code repository with the leaked code. Anthropic, of course, deleted it. But the attempt was beautiful.

My take: when your main tool becomes the news of the day

I use Claude Code daily. It’s my main work tool. I’ve written about a dozen projects with it — Kaplia Chat, Notes, EDU, client solutions. And recently I even ventured into the sacred: started writing a full-fledged multilingual WordPress plugin — essentially a WPML replacement. But I’ll write about that separately. So this news is not just an interesting news story for me, it’s something deeply personal.

And you know what? I’m not surprised by what I saw in the code. Massive hardcoded prompts, multi-layered instruction systems, CLAUDE.md, which gets inserted anew with each turn — it all felt like it during work. When you work with a tool for months 8-10 hours a day, you start to intuitively understand how it’s constructed. The leak just confirmed intuition.

What really surprised me — the frustration detector on regex. Seriously, Anthropic? A company building one of the smartest AI models on the planet uses a simple regex to search for profanity in prompts? It’s like putting a wooden lock on a safe door.

On the irony of the situation

This story is pure irony from beginning to end.

Anthropic — a company that positioned itself as “safety first”. That spent years explaining why closed code is better for humanity. That made the “secret sauce” argument the reason not to open Claude Code. That sent DMCA notices even for previous minor leaks.

This same company leaked everything through one NPM package at four in the morning.

Fireship summed it up best: Anthropic officially became more open source than OpenAI. And this is not a joke — it’s a fact.

Theo added another layer of irony: Claude Code ranks 39th on TerminalBench among coding harnesses. If you filter only by the Opus model — Claude Code still ranks last among harnesses for Opus. Cursor with the same Opus shows 93%, while Claude Code — 77%. The same “secret sauce” that Anthropic so jealously guarded — turned out to be not so secret, and not so saucy.

What Anthropic should do: advice from the community

Theo in his video gave Anthropic clear advice in several points, and I completely agree with him:

Open the code. Not necessarily tomorrow. But provide a roadmap and timeline. A month or two to clean up the codebase, remove commit history, prepare the repository — that’s normal. Just say: “We plan to do this. Here’s when”.

Stop sending DMCA notices. The code is already everywhere. You won’t hide it. Every new DMCA request is not intellectual property protection, it’s a PR disaster. Especially when you send it to people who aren’t even using the leaked code.

Let engineers speak. You have people who spent years building features they couldn’t talk about. Dream Mode, Coordinator Mode, Kairos — behind each of these names is an engineer proud of their work. Instead of corporate press releases — let these people come out and tell what they built and why.

Be human. Theo gave an example from OpenAI: when he criticized their frontend models, instead of lawyers, an engineer answered him — with humor and self-irony. One human tweet did more for OpenAI’s reputation than ten press releases. Anthropic, which positions itself as a “human” company, so far only communicates with the community through lawyers.

What we have — we have

This situation is not the end of the world for Anthropic. Claude remains a powerful model. I’m not going to migrate to another tool because of this leak. Although recently I’m more bothered by endless “Elevated timeouts on requests to Claude Opus 4.6” in statuses — especially when you’re paying for a Max plan. Coincidence with the leak? I don’t think so. But it’s a moment of truth: how a company responds to a crisis — says more about it than any marketing.

So far, Anthropic chose the path of lawyers and DMCA. But the door is already open. And, as Theo aptly noted, true community enthusiasm will always defeat corporate panic.

390,000 lines of TypeScript now belong to the internet. Anthropic can either make this an advantage — or spend the next months sending DMCA notices into the void.

For now — I’m going back to work in Codex Claude Code.

Vitalii Kaplia

Founder, Web Developer & WordPress Expert
