How a Simple npm Misstep Exposed Anthropic’s Claude Code Core Architecture
A misconfigured npm release on March 31, 2026 unintentionally leaked 512,000 lines of Claude Code's TypeScript source via a source‑map, revealing Anthropic's AI agent stack, hidden features, and internal model roadmap, sparking industry debate over security, ethics, and rapid AI democratization.
A misconfiguration in the Anthropic @anthropic-ai/claude-code npm package (v2.1.88) caused a source‑map file (cli.js.map) to expose the full TypeScript source of 1,906 files (≈512,000 lines). The leak was discovered on 2026‑03‑31, quickly mirrored on GitHub, and prompted an emergency package update.
Event Timeline
14:00 – Anthropic publishes @anthropic-ai/claude-code v2.1.88.
16:30 – Security researcher Chaofan Shou identifies the cli.js.map containing sourcesContent with the entire codebase.
17:00 – Source extracted and uploaded to a GitHub mirror (https://github.com/instructkr/claude-code).
19:00 – Anthropic releases an emergency update removing the source‑map.
Technical Stack
Runtime: Bun (instead of Node.js)
Terminal UI: React + Ink
Language: TypeScript strict mode
Type validation: Zod v4
Monitoring: OpenTelemetry
Communication: gRPC
Core Engine Files
QueryEngine.ts – ~46 k lines – inference logic, tool‑call loops, token counting.
Tool.ts – ~29 k lines – definitions for 40+ tool interfaces (file ops, Bash execution, LSP integration).
commands.ts – manages 50+ slash commands for the CLI.
coordinator module – implements multi‑agent coordination, spawning sub‑agents and parallel task execution.
Unreleased Features Disclosed
Kairos Daemon: background process for auto‑dream memory re‑organization, idle‑time context optimization, cross‑session memory integration.
Buddy System Virtual Pet: 18 built‑in creatures, rarity system, five‑dimensional attributes, hidden "1% flash variant" Easter egg.
Undercover Mode: auto‑activates on Anthropic staff operations, erases AI‑generated traces, cannot be manually disabled.
Internal commands such as /teleport (quick navigation), /dream (memory integration), /analyze (deep code analysis – unreleased).
35 compile‑time feature flags exposing the product roadmap.
Internal Model Roadmap
Undisclosed "Capybara" model (code‑named Claude Mythos) – v8 error rate 29‑30%.
Planned context‑window expansion.
Future multimodal capability upgrades.
Root Cause Analysis
The CI/CD pipeline failed to exclude .map files from the published artifacts.
    # Erroneous build config (speculative)
    build:
      outputs:
        - "dist/**/*"  # ❌ .map files not excluded
      should_publish: true
Correct configuration should explicitly publish only compiled JavaScript and exclude source maps:
    # Fixed build config
    build:
      outputs:
        - "dist/**/*.js"    # ✅ only compiled JS
        - "!dist/**/*.map"  # ✅ exclude source maps
      should_publish: true
Historical Recurrence
Feb 2025 – similar leak in a test version of Claude Code.
Mar 31 2026 – repeat of the same misconfiguration.
Mar 26 2026 – separate CMS configuration error leaked ~3,000 internal documents.
Supply‑Chain Security Recommendations
Enforce pre‑release file audits to detect accidental inclusion of source maps or other sensitive assets.
Configure automated file‑filtering rules in CI/CD pipelines (e.g., explicit exclusion patterns for *.map).
Run regular third‑party package security scans and verify artifact contents before publishing.
Legal & Ethical Considerations
Research‑only use of the leaked code is generally considered non‑infringing, but modification and redistribution may trigger copyright lawsuits.
Commercial products built on the leaked code carry significant legal risk.
The code contains an "emotion monitoring" subsystem that tracks profanity frequency and user interaction patterns, raising privacy concerns.
Implications for Developers
Study QueryEngine.ts to understand LLM call orchestration and token management.
Examine Tool.ts for patterns in designing extensible tool interfaces and permission models.
Analyze the coordinator module to learn multi‑agent collaboration techniques.
Implications for Enterprises
Implement multi‑layer pre‑release review processes.
Deploy automated detection of sensitive files (e.g., source maps, configuration secrets).
Conduct periodic third‑party dependency audits.
Establish an incident‑response playbook for accidental disclosures.
Industry Impact
The leak dramatically lowers the R&D barrier for AI‑agent technology. Teams can now reference a production‑grade multi‑agent architecture, reducing development cycles from 6‑12 months to 2‑3 months and enabling rapid adaptation to domestic models such as DeepSeek, GLM, or Qwen.
Future Outlook
Short‑term (1‑3 months): Surge of derivative projects, heightened legal scrutiny, and competitive pressure on Anthropic.
Mid‑term (3‑12 months): Wider adoption of AI‑agent frameworks by smaller vendors, accelerated domestic model alternatives.
Long‑term (1‑3 years): Full democratization of AI‑agent tech, forcing Anthropic to rebuild its technical moat and potentially reshaping industry standards.
Key Resources (for reference only)
Code mirror repository (use responsibly): https://github.com/instructkr/claude-code
Anthropic official statement: https://www.anthropic.com/news/claude-code-security-update
Technical analysis report: https://www.mintlify.com/VineeTagarwaL-code/claude-code/guides/architecture
Old Meng AI Explorer
Tracking global AI developments 24/7, focusing on large model iterations, commercial applications, and tech ethics. We break down hardcore technology into plain language, providing fresh news, in-depth analysis, and practical insights for professionals and enthusiasts.
