What a 59.8 MB Source Map Revealed About Claude Code’s Architecture and Security

A misconfigured npm package unintentionally published a massive source‑map that exposed over 1,900 files and 51,000 lines of Claude Code’s TypeScript, unveiling its full architecture, hidden features, and security flaws while prompting industry‑wide lessons on supply‑chain hygiene and AI safety.

ITPUB

On March 31, 2026, a misconfigured npm package @anthropic-ai/claude-code v2.1.88 unintentionally published a cli.js.map file of 59.8 MB, exposing the entire TypeScript source of Anthropic’s Claude Code tool.

The source‑map contains the sourcesContent field, which embeds every original file, resulting in more than 1,900 files and 51.2 k lines of code being publicly downloadable from the GitHub repository (https://github.com/instructkr/claude-code). Within minutes the repo attracted over 5,000 stars and tens of thousands of downloads.

Analysis of the recovered code reveals the full engineering architecture: the UI is built with React + Ink and runs on the Bun runtime; the core QueryEngine.ts module alone spans 4.6 k lines and handles reasoning, token counting, tool scheduling and permission checks. Around 40 independent modules implement file I/O, Bash execution, LSP integration, and a bridge to VS Code/JetBrains.

Several previously undisclosed features were also found:

Kairos: a persistent background daemon that maintains session memory and claims to be “never offline”.

Buddy: an “electronic pet” system that generates a random creature for each user ID, complete with rarity, variants and animated sprites.

Undercover Mode: automatically strips AI usage traces from commit history and cannot be disabled manually.

Auto Mode and Coordinator Mode: classifiers for automatic tool‑permission approval and multi‑agent scheduling.

These hidden modules expose Anthropic’s product roadmap and its experimental approach to AI autonomy, fun, and security controls.

Security researchers note that while model weights were not leaked, the exposed internal security logic could provide new attack vectors. The incident also sparked a wave of community forking and experimentation, with developers integrating the code into other agent frameworks.

The breach serves as a stark reminder for all npm package maintainers: ensure that source‑map files do not include the sourcesContent field before publishing, as a single line can reveal an entire codebase. For Anthropic, the fallout is both technical—patching the packaging process—and reputational, challenging its “responsible AI” narrative.
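
One way to enforce the check described above before publishing, as an added example that is not from the original article or from Anthropic's tooling: it flags any .map file whose sourcesContent embeds original source, and goes slightly further by also covering inline base64 maps and indexed maps with sections. The names auditPackageFiles, embeddedSources and samplePackage are hypothetical, and the file list is a constructed in-memory stand-in for the packed package contents.

```javascript
// Added example: pre-publish audit for source maps that embed original source.
// `files` is [{ path, content }], a stand-in for the packed package contents.

// Count embedded sources, recursing into indexed maps ("sections").
function embeddedSources(map) {
  let count = 0, bytes = 0;
  for (const src of Array.isArray(map.sourcesContent) ? map.sourcesContent : []) {
    if (typeof src === 'string') { count++; bytes += Buffer.byteLength(src); }
  }
  for (const section of Array.isArray(map.sections) ? map.sections : []) {
    if (!section || !section.map) continue;
    const inner = embeddedSources(section.map);
    count += inner.count; bytes += inner.bytes;
  }
  return { count, bytes };
}

// Inline maps look like: //# sourceMappingURL=data:application/json;base64,...
const INLINE_MAP =
  /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;

function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    let json = null;
    if (path.endsWith('.map')) {
      json = content;
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE_MAP.exec(content);
      if (m) json = Buffer.from(m[1], 'base64').toString('utf8');
    }
    if (json === null) continue;
    try {
      const { count, bytes } = embeddedSources(JSON.parse(json));
      if (count > 0) findings.push({ path, count, bytes });
    } catch (err) {
      findings.push({ path, error: 'unparseable source map' }); // fail closed
    }
  }
  return findings;
}

// Constructed sample package contents.
const withSources = { version: 3, sources: ['a.ts', 'b.ts'],
  sourcesContent: ['export const a = 1;', null], mappings: '' };
const samplePackage = [
  { path: 'cli.js', content: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: JSON.stringify(withSources) },
  { path: 'lib.js.map', content: JSON.stringify({ version: 3, sources: ['l.ts'], mappings: '' }) },
];
console.log(auditPackageFiles(samplePackage));
```

In a release pipeline, a non-empty result would fail the publish step.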

Overall, the Claude Code leak offers a rare, real‑world case study of supply‑chain misconfiguration, AI product architecture, and the importance of rigorous release hygiene in the rapidly evolving AI industry.
