On March 31, 2026, at approximately 4:23 AM ET, Chaofan Shou — a 23-year-old intern at Solayer Labs — discovered a 59.8 MB source map file accidentally included in the npm package @anthropic-ai/claude-code v2.1.88. His post on X generated 16 million views in hours. The mirror repository claw-code reached 75,700 GitHub stars (a platform record) with 41,500 forks. The leak exposed 512,000 lines of TypeScript across 1,900 files, revealing Claude Code as a full agentic operating system — not just a CLI tool.
4 AM on a Sunday: The Discovery
The AI industry has a habit of producing its biggest moments at the worst possible hours. Chaofan Shou, who goes by @Fried_rice on X, was browsing npm packages in the early hours of Sunday, March 31, 2026 when he noticed something unusual about the latest Claude Code release. Version 2.1.88 of @anthropic-ai/claude-code contained a file that was dramatically larger than it should have been — a source map weighing 59.8 megabytes.
Source maps are debugging files that map compiled code back to its original source. They are routinely included during development and routinely excluded from production builds. But Anthropic's bundler — Bun, which the company had acquired in December 2025 — generates source maps by default unless explicitly disabled. Someone forgot to disable them. That single oversight exposed the entire Claude Code codebase.
The .map file referenced a ZIP archive hosted on a Cloudflare R2 bucket. Inside: approximately 512,000 lines of unobfuscated TypeScript spread across 1,900 files. Not just the CLI logic — the entire agentic architecture, including features that had never been publicly announced, internal tools reserved for Anthropic employees, and a roadmap of capabilities hidden behind 32 feature flags.
| Leak Metric | Value |
|---|---|
| Source map size | 59.8 MB |
| TypeScript files | ~1,902 |
| Lines of code | ~512,000 |
| Version leaked | v2.1.88 |
| Feature flags (compile-time) | 32 |
| Feature gates (runtime) | 22+ |
| Environment variables | 330+ |
| Commands (unique) | 141 |
| Tool modules | 184 |
| UI components | 389 |
Who Is Chaofan Shou?
Chaofan Shou is a security-minded developer interning at Solayer Labs, a blockchain infrastructure company. His X profile (@Fried_rice) suggests a focus on smart contract security and web3 tooling. He was not specifically hunting for vulnerabilities in AI tools — he stumbled onto the source map while examining npm packages, a common practice among security researchers who routinely audit the supply chain of popular packages.
His discovery post on X was straightforward: a screenshot of the oversized source map file and a brief explanation of what it contained. No sensationalism, no leaked code snippets — just the factual observation that Anthropic had accidentally published their entire source code. The internet did the rest.
Within hours, the post had been seen by millions. Tech journalists, AI researchers, open-source advocates, and security professionals all converged on the same npm package. By the end of the day, the original post had accumulated 16 million views — making it one of the most viral tech discoveries in X history.
The Explosion: 75,700 Stars in Days
The community response was immediate and massive. Sigrid Jin (GitHub handle: instructkr) was among the first to port the leaked architecture. Her repository, claw-code, reimplemented Claude Code's architecture in Python and Rust. It reached 75,700 GitHub stars — an all-time platform record — and 41,500 forks. The velocity was unprecedented: more stars per hour than any repository in GitHub history.
Daniel Nakov created the first direct mirror of the extracted source code. Jeffrey Huntley published deobfuscation techniques (877 stars). The community site ccleaks.com launched as the most comprehensive database of hidden features, cataloging 26 hidden commands, 32 feature flags, 120+ environment variables, and secret CLI flags. A meta-index repository, awesome-claude-code-postleak-insights, aggregated every analysis article, blog post, and technical breakdown.
The Numbers That Define the Moment
| Community Metric | Value |
|---|---|
| Views on X (Shou's thread) | 16 million |
| GitHub stars (claw-code) | 75,700 |
| GitHub forks (mirror) | 41,500+ |
| Rust port lines | ~20,063 |
| Python port files | ~65 |
| Major analysis articles | 12+ |
It Was Not the First Time
What makes this leak even more remarkable is context. The Claude Code source map was the second major Anthropic leak in five days. On approximately March 26, 2026, around 3,000 internal files were accidentally exposed via a CMS error — including a draft blog post revealing a new model codenamed "Mythos" (internally called "Capybara"), described as a tier above Opus. That leak revealed model performance data: Capybara v8 had a 29-30% false affirmation rate, a significant regression from v4's 16.7%.
And there was a precedent even before that. In February 2025, Dave Shoemaker had discovered a source map inline in the original Claude Code npm package — 18 million characters in base64, embedded directly in cli.mjs. Anthropic reacted quickly, unpublishing the version and purging caches, but Daniel Nakov had already extracted and published the code on GitHub. Between those two leaks, Anthropic published 363 versions of Claude Code — and the same class of vulnerability reoccurred.
The technical cause both times was the same: Bun, Anthropic's bundler, generates source maps by default. The fix is a single configuration line. The fact that it happened twice, 13 months apart, raised serious questions about Anthropic's build pipeline and release processes.
What the Leak Actually Revealed
The significance of the leak goes far beyond the embarrassment of exposing source code. The 512,000 lines of TypeScript revealed that Claude Code is not a terminal tool — it is a complete agentic operating system. Among the top revelations:
- KAIROS — An always-on daemon agent that receives heartbeat ticks, acts proactively with a 15-second blocking budget, and has exclusive tools like SleepTool, SendUserFile, and PushNotification. Mentioned 150+ times in the code.
- Anti-Distillation — A system that injects fake tool definitions into API requests to poison the training data of competing models.
- Undercover Mode — A mode that suppresses all Anthropic traces when employees work on public repositories, with the system prompt ordering: "Do not blow your cover."
- Coordinator Mode — A multi-agent orchestrator where one lead Claude directs N workers in parallel across four phases: Research, Specification, Implementation, Verification.
- Buddy System — A Tamagotchi-style companion with 18 species, 5 rarity tiers, RPG stats, and ASCII art sprites. Planned April Fools teaser, spoiled by the leak.
- AutoDream — A memory consolidation system inspired by REM sleep that periodically reviews and compresses session memories.
- 330+ environment variables and 1,000+ telemetry event types documenting extensive data collection.
Anthropic's Response
Anthropic's official statement characterized the incident as a "release packaging issue caused by human error, not a security breach." They issued DMCA takedown notices on GitHub targeting the mirror repositories. But the code had already been forked 41,500 times and cached across decentralized mirrors. The ccleaks.com database remained accessible. The community had moved faster than legal could.
Security experts noted the absence of multi-step approval processes in Anthropic's release pipeline. For a company that positions itself as the AI safety leader — whose founding mission centers on building safe, steerable AI — the optics of two accidental leaks in five days were damaging. Fortune reported that Claude 4.6 Opus was already classified as dangerous in cybersecurity, capable of "autonomously identifying zero-day vulnerabilities." The exposure of its internal safeguards amplified those concerns.
The Human Story
Strip away the technical details and the corporate implications, and what remains is a remarkably human story. A 23-year-old intern, browsing npm packages at 4 AM on a Sunday, noticed a file that was too large. He posted about it. And within 12 hours, the biggest AI company leak in history had unfolded.
Shou did not hack anything. He did not exploit a vulnerability. He downloaded a public npm package and looked at its contents — something any developer can do, and something security researchers do routinely. The source map was public. The R2 bucket was accessible. The code was unobfuscated. All he did was notice.
The implications rippled across the entire AI industry. Competitor companies like OpenAI, Google, and Mistral immediately audited their own npm and PyPI packages. Build tool maintainers (including the Bun team, now owned by Anthropic) added warnings about source map inclusion in production builds. Package registries considered adding size anomaly detection. All because one intern looked at a file size and thought: that seems too big.
The AI industry spent billions building the most sophisticated software systems ever created. The keys to one of them were exposed because of a single missing configuration line in a bundler. One intern found it. Sixteen million people watched it happen.
Frequently Asked Questions
Who discovered the Claude Code source code leak?
Chaofan Shou (@Fried_rice on X), an intern at Solayer Labs, discovered a 59.8 MB source map in the npm package @anthropic-ai/claude-code v2.1.88 on March 31, 2026 at approximately 4:23 AM ET. His post about the discovery reached 16 million views on X.
How many GitHub stars did the mirror repository get?
The claw-code repository by Sigrid Jin (instructkr) reached 75,700 GitHub stars — an all-time platform record — with 41,500+ forks. It reimplemented Claude Code's architecture in Python and Rust.
Was this the first time Claude Code source was leaked?
No. In February 2025, Dave Shoemaker discovered an 18-million-character source map inline in the original Claude Code npm package. The same class of vulnerability — Bun's default source map generation — caused both leaks, 13 months apart.
How did the leak happen technically?
Bun (Anthropic's bundler, acquired December 2025) generates source maps by default unless explicitly disabled. The 59.8 MB .map file referenced a ZIP archive on Cloudflare R2 containing 512,000 lines of unobfuscated TypeScript across 1,900 files. A single missing configuration line caused the exposure.
What was Anthropic's official response?
Anthropic called it a "release packaging issue caused by human error, not a security breach." They issued DMCA takedowns on GitHub mirrors, but the code had already been forked 41,500+ times and cached on decentralized mirrors including ccleaks.com.
