What the Claude Code Source Leak Reveals About Its Architecture and Security

A recent leak of the @anthropic-ai/claude-code npm package exposed full TypeScript source maps, allowing researchers to reconstruct the entire Claude Code CLI, publish it on GitHub, and analyze its architecture, components, and potential security implications.

IT Services Circle

In early April 2024, a user discovered that the npm package @anthropic-ai/claude-code unintentionally included source‑map (.map) files that exposed the complete TypeScript source of the Claude Code CLI.

These source maps contain full file paths and source code, which should only be present in development environments. By extracting the maps, researchers were able to reconstruct the entire codebase and publish it on GitHub for security research.
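A pre-publish check for the exposure described above, as an added example (not code from the article or from the Claude Code project): it inspects the files that would ship in a package tarball and reports source maps, external or inline, that embed original source text or expose source paths. The function names and the sample package contents are constructed for illustration.

```javascript
// Added example: pre-publish audit for source maps (names and SAMPLE_FILES are constructed).

// Original sources whose full text is embedded in a v3 source map,
// including index maps that nest regular maps under "sections".
function embeddedSources(map) {
  if (Array.isArray(map.sections)) {
    return map.sections.flatMap((s) => (s.map ? embeddedSources(s.map) : []));
  }
  const contents = map.sourcesContent || [];
  return (map.sources || []).filter((_, i) => typeof contents[i] === "string");
}

// Inline maps: //# sourceMappingURL=data:application/json;base64,<payload>
const INLINE_MAP =
  /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+\/=]+)/;

// files: [{ path, text }] for every file that would ship in the tarball.
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    let raw = path.endsWith(".map") ? text : null;
    const m = raw === null && INLINE_MAP.exec(text);
    if (m) raw = Buffer.from(m[1], "base64").toString("utf8");
    if (raw === null) continue; // not a map and no inline map
    let sources;
    try {
      sources = embeddedSources(JSON.parse(raw));
    } catch {
      findings.push({ path, issue: "unparseable-map", sources: [] });
      continue;
    }
    // A map without sourcesContent still discloses original file paths.
    const issue = sources.length ? "embeds-source" : "paths-only";
    findings.push({ path, issue, sources });
  }
  return findings;
}

// Constructed sample package contents.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64");
const SAMPLE_FILES = [
  { path: "package.json", text: "{}" },
  { path: "cli.js.map", text: JSON.stringify({ version: 3, sources: ["../src/main.tsx", "../src/Tool.ts"], sourcesContent: ["export const a = 1;", null], mappings: "AAAA" }) },
  { path: "vendor.js", text: "var x=1;\n//# sourceMappingURL=data:application/json;base64," + b64({ version: 3, sources: ["v.ts"], sourcesContent: ["let x = 1;"], mappings: "" }) },
  { path: "lib.js.map", text: JSON.stringify({ version: 3, sources: ["../src/lib.ts"], mappings: "AAAA" }) },
];
console.log(auditPackageFiles(SAMPLE_FILES));
```

In a release pipeline, feed it the file list reported by `npm pack --dry-run` and fail the build on any finding.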

The repository (https://github.com/instructkr/claude-code) claims to provide a full snapshot of the Claude Code CLI source for security and supply‑chain analysis, without asserting any copyright.

The released project contains roughly 1,900 source files and over 512,000 lines of strictly typed TypeScript code. Its technology stack includes:

Language: TypeScript (strict)

Terminal UI: React + Ink

CLI parsing: Commander.js

Schema validation: Zod v4

Search: ripgrep

Protocols: MCP SDK, LSP

Telemetry: OpenTelemetry + gRPC

Authentication: OAuth 2.0, JWT, macOS Keychain

Key source files highlighted in the repository are:

src/main.tsx – entry point that initializes the React/Ink UI.

src/QueryEngine.ts – core engine for LLM calls and tool loops (≈ 46 k lines).

src/Tool.ts – base class and type definitions for all tools (≈ 29 k lines).

src/commands.ts – registration and dispatch of slash commands (≈ 25 k lines).

src/commands/ – implementations of dozens of commands such as /commit, /review, /mcp, /config, /doctor, /memory.

src/tools/ – utilities for file I/O, bash execution, MCP calls, SkillTool, AgentTool, Cron, RemoteTrigger, etc.

src/services/ – integration with Anthropic API, MCP, OAuth, LSP, feature flags, memory extraction, team‑memory sync.

Additional directories include bridge/ (IDE bridge), plugins/, skills/, memdir/ (long‑term memory), and remote/ (remote sessions).

The leak provides an almost complete view of Claude Code’s product architecture, component boundaries, and internal mechanisms, including many comments, TODOs, and traces of unpublished features. However, it does not contain the underlying large language model weights or training data; only the CLI’s TypeScript source was exposed.

Repository: https://github.com/instructkr/claude-code
Written by

IT Services Circle
