Anthropic Accidentally Leaks Claude Code Source via npm Package

On March 31, 2026, security researcher Chaofan Shou discovered that Anthropic had accidentally published Claude Code version 2.1.88 to the npm registry with a 59.8MB source map file exposing approximately 1,900 files containing over 512,000 lines of TypeScript code. An Anthropic spokesperson confirmed the incident was "a release packaging issue caused by human error, not a security breach."

This marks the second time Anthropic has made the same mistake—a nearly identical source-map leak occurred with an earlier version of Claude Code in February 2025. After the previous leak, Anthropic issued DMCA takedowns for 438 GitHub repositories that had forked the code.

What the Leaked Code Revealed

The leaked source code contained significant revelations about Anthropic's development roadmap:

KAIROS: A feature flag mentioned over 150 times, representing an autonomous daemon mode that would allow Claude Code to operate as an always-on background agent
Model codenames: Capybara is the internal codename for Claude 4.6 variant, Fennec maps to Opus 4.6, and Numbat is still in testing
44 feature flags: Covering features that are fully built but not yet shipped to users
Implementation details: Including "fake tools," "frustration regexes," and "undercover mode"

Snapshots of the leaked code were quickly backed up to GitHub and forked more than 41,500 times before Anthropic could respond.

Financial Impact and Clarifications

Claude Code reportedly brings in approximately $2.5 billion annually and represents a significant portion of Anthropic's overall business. The leak comes just days after Fortune reported that Anthropic had inadvertently made close to 3,000 files publicly available, including a draft blog post detailing a powerful upcoming model.

It's important to clarify that this leak exposed Claude Code's CLI tool source code—the client-side application that runs on users' machines—NOT the Claude AI model itself, which remains proprietary and hosted on Anthropic's servers.

Key Takeaways

Anthropic accidentally published Claude Code v2.1.88 to npm with a 59.8MB source map exposing 512,000+ lines of TypeScript code
This is the second time the same packaging error has occurred, following a similar leak in February 2025
The leaked code revealed unannounced features including KAIROS autonomous mode and model codenames like Capybara (Claude 4.6) and Fennec (Opus 4.6)
Claude Code generates approximately $2.5 billion in annual revenue for Anthropic
The leak affected the CLI tool's source code, not the underlying AI model itself

What the Leaked Code Revealed

The leaked source code contained significant revelations about Anthropic's development roadmap:

KAIROS: A feature flag mentioned over 150 times, representing an autonomous daemon mode that would allow Claude Code to operate as an always-on background agent

Model codenames: Capybara is the internal codename for Claude 4.6 variant, Fennec maps to Opus 4.6, and Numbat is still in testing

44 feature flags: Covering features that are fully built but not yet shipped to users

Implementation details: Including "fake tools," "frustration regexes," and "undercover mode"

Snapshots of the leaked code were quickly backed up to GitHub and forked more than 41,500 times before Anthropic could respond.

Financial Impact and Clarifications

Key Takeaways

Anthropic accidentally published Claude Code v2.1.88 to npm with a 59.8MB source map exposing 512,000+ lines of TypeScript code

This is the second time the same packaging error has occurred, following a similar leak in February 2025

The leaked code revealed unannounced features including KAIROS autonomous mode and model codenames like Capybara (Claude 4.6) and Fennec (Opus 4.6)

Claude Code generates approximately $2.5 billion in annual revenue for Anthropic

The leak affected the CLI tool's source code, not the underlying AI model itself