Claude Code LEAKED (Might be Good for us...)

Summary

Anthropic just experienced their second major leak in two weeks - this time exposing the complete source code of Claude Code, their agentic CLI tool for developers. This wasn't a sophisticated hack; it was a simple packaging mistake. When pushing Claude Code to npm, someone forgot to add a critical line to the .npmignore file, which meant source map files were included in the public package. These source maps pointed directly to a zip archive containing 512,000 lines of TypeScript across nearly 1,900 files, hosted on Anthropic's Cloudflare storage. What got leaked includes 43 built-in tools that Claude Code uses, 44 feature flags (many hidden from users), 26 undocumented slash commands, and over 120 .env files. Security researcher Mr. Fried Rice discovered the leak and posted it on X, where it quickly spread. While this isn't Anthropic's entire codebase or model weights, it's still the complete blueprint of one of their flagship commercial products. The silver lining? This leak might actually benefit Claude Code users. Similar to how Perplexity constantly improves their system after prompt injection attempts, Anthropic will likely pour massive resources into making Claude Code even more powerful to compensate for this mistake. You've already seen how much they've shipped in the past 52 days - expect them to accelerate development significantly. The leaked code might become obsolete within weeks as Anthropic rushes to build superior versions. No customer credentials or model weights were exposed, so your data remains safe. The main lesson here: always double-check your packaging pipeline before shipping, and maybe ask Claude Code itself if anything sensitive is about to leak.