Claude Code source map leak exposes 1,900+ files and hidden features
A mistakenly published source‑map file in Anthropic’s @anthropic‑ai/claude‑code npm package revealed over 1,900 TypeScript source files, 512,000 lines of code, and several unreleased “easter‑egg” features, prompting a community scramble and highlighting repeat supply‑chain oversights.
On March 31, security researcher Chaofan Shou (@Fried_rice) tweeted that the source code of Claude Code had been leaked through a source‑map file bundled in the npm package, and the news quickly went viral.
The leak was not caused by a hack; Anthropic inadvertently included the .map file in the production distribution. A source map is a JSON file that contains two key arrays: sources (paths to the original files) and sourcesContent (their full source text); debuggers use the pair to map compiled output back to the original code.
A 57 MB .map file contained the complete content of 4,756 source files, of which 1,906 are Claude Code’s own TypeScript/TSX files and the remaining 2,850 belong to node_modules dependencies.
Extracting the code required no reverse engineering; the sourcesContent field holds the exact original source text.
1,900+ source files
512,000+ lines of code
Full tool system (bash, file operations, permission management)
50+ slash‑command implementations
Multi‑agent coordinator
React/Ink terminal UI
IDE bridge layer
Permission engine
Datadog telemetry with complete metadata fields
Several never‑public features
The most exciting part for the community was the discovery of hidden “easter‑egg” functionalities:
Buddy: a virtual pet in the terminal with 18 species, rarity levels, and AI‑generated souls.
Custom Agent Wizard: lets users create and configure AI agents, choosing model types, tools, memory, and context.
Agent Swarms: a console for managing a team of agents created via the wizard.
Auto‑Dream: automatically aggregates and submits memories when the user is idle, inspired by human sleep memory consolidation.
Torch: a hidden feature with no documentation; even the discoverer admitted “no fucking idea, it’s hidden but sounds cool.”
UNDERCOVER MODE – CRITICAL: a permission‑protected hidden mode whose purpose remains unknown.
The same mistake occurred in February 2025; Anthropic patched the old version and considered the issue resolved, only to repeat the same packaging mistake.
"They fixed it in February, removed the old version, and moved on. Today they did exactly the same thing again. On the same day, axios suffered one of the largest supply‑chain attacks in npm history. npm had a rough day."
Community members quickly responded: tech blogger @T3chFalcon posted GitHub mirror links (later taken down via DMCA), others shared screenshots, memes, and commentary. One user summed it up: "My timeline is flooded with ‘Claude code leak’ posts. Option 1: open‑source it. Option 2: add more features."
Anthropic later removed the source‑map from the npm package, but earlier versions had already been archived and distributed.
From a security perspective, the incident is not a sophisticated breach; it is a basic supply‑chain oversight. Source maps should never be shipped in production, and most build tools exclude them by default. The repeat occurrence suggests the February post‑mortem either missed the root cause or failed to enforce the fix, highlighting a gap in release‑process checks for .map files.
"No hacker, no vulnerability exploitation, no firewall bypass. Just a small slip in the release process that exposed private code. Most leaks aren’t caused by sophisticated attackers." – @krishdotdev
For developers publishing npm packages, the lesson is clear: verify that your build does not include a .map file with a populated sourcesContent field before releasing.
ShiZhen AI
Tech blogger with over 10 years of experience at leading tech firms, AI efficiency and delivery expert focusing on AI productivity. Covers tech gadgets, AI-driven efficiency, and leisure— AI leisure community. 🛰 szzdzhp001