
Anthropic Accidentally Leaked the Source Code of Claude Code, and You Can Run It Right Now Using Google Antigravity
The complete TypeScript soul of the most powerful AI coding agent on the planet sat exposed on npm for hours. Here is your guided tour of the ghost in the machine.
On March 31, 2026, a researcher named Chaofan Shou posted four words on X that set the developer internet on fire.
"Claude code source code has been leaked via a map file in their npm registry!"
I was sitting at my desk when the notification hit. I almost scrolled past it, assuming it was another breathless AI headline that would turn out to be nothing. But then I clicked. And I kept reading for three hours straight.
The flaw was almost insultingly simple. Claude Code is built on Bun, which Anthropic acquired in late 2025. Bun generates source maps by default. Someone on the release team failed to add *.map to .npmignore, and the resulting cli.js.map file, shipped with @anthropic-ai/claude-code version 2.1.88, contained a sourcesContent JSON array holding every original TypeScript file: readable, commented, and complete.
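A pre-publish check for the failure described above, as an added example (not code from this article or from Anthropic): it flags any source map in a package whose `sourcesContent` embeds original files, and goes slightly further by also covering inline base64 maps and index maps. The function names and the sample package contents are constructed for illustration.

```javascript
// Added example: audit package files for source maps that embed original sources.
// `files` maps package-relative paths to file text (hypothetical input shape).
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+/=]+)/;

// Returns names of sources whose text is embedded, or null if the map is unparseable.
function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return null; }
  if (!map || typeof map !== "object") return null;
  // Index maps nest ordinary maps under sections[].map
  const maps = Array.isArray(map.sections) ? map.sections.map(s => s.map).filter(Boolean) : [map];
  const names = [];
  for (const m of maps) {
    const contents = Array.isArray(m.sourcesContent) ? m.sourcesContent : [];
    contents.forEach((text, i) => {
      // null entries mean "not embedded"; only non-empty strings leak source text
      if (typeof text === "string" && text.length > 0) {
        names.push((m.sources && m.sources[i]) || `<source ${i}>`);
      }
    });
  }
  return names;
}

function auditPackage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      const names = embeddedSources(text);
      if (names === null) findings.push({ path, kind: "unparseable-map", sources: [] });
      else if (names.length) findings.push({ path, kind: "map-with-sources", sources: names });
      else findings.push({ path, kind: "map-without-sources", sources: [] });
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE_MAP.exec(text); // map embedded in the bundle itself
      if (!m) continue;
      const names = embeddedSources(Buffer.from(m[1], "base64").toString("utf8")) || [];
      if (names.length) findings.push({ path, kind: "inline-map-with-sources", sources: names });
    }
  }
  return findings;
}

// Constructed sample package contents (not taken from any real package)
const sample = {
  "cli.js": "console.log(1);\n//# sourceMappingURL=cli.js.map\n",
  "cli.js.map": JSON.stringify({ version: 3, sources: ["src/main.ts"], sourcesContent: ["export const x: number = 1;"], mappings: "" }),
  "lib.js": "1;\n//# sourceMappingURL=data:application/json;base64," +
    Buffer.from(JSON.stringify({ version: 3, sources: ["src/lib.ts"], sourcesContent: ["// internal"], mappings: "" })).toString("base64"),
  "ok.js.map": JSON.stringify({ version: 3, sources: ["src/ok.ts"], sourcesContent: [null], mappings: "" }),
};
console.log(auditPackage(sample));
```

Run it in CI over the files that `npm pack --dry-run` lists and fail the release on any `map-with-sources` or `inline-map-with-sources` finding, so the check does not depend on `.npmignore` being correct.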
The funniest part is that there is an entire system inside Claude Code called "Undercover Mode," specifically designed to prevent Anthropic's internal information from...