'More Open Than OpenAI': Anthropic Accidentally Leaks Claude Code, Triggering a Race to Replicate It

The news came after Anthropic released Claude Code version 2.1.88 to the npm package registry early Tuesday morning. The release mistakenly included a 59.8MB JavaScript source map, a file designed for internal debugging that can fully reconstruct the original code.

These files are normally kept private, but a minor error in the ignore settings allowed it to be published. Within hours, an intern and researcher named Chaofan Shou flagged the leak on X, where the download link attracted millions of viewers.

An Anthropic spokesperson told Decrypt, 'Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again.'

Claude Code Leak Stirs Global Replication Effort

Once the code was public, attempts to remove it proved futile.

DMCA takedowns were issued against GitHub mirrors, but developers quickly began clean-room rewrites. One notable example came from Korean developer Sigrid Jin, who ported the code to Python using an AI orchestration tool and posted it under a new repository called Claw-Code. Within hours, the project had gained tens of thousands of stars, demonstrating the difficulty of containing digital information once it escapes into the wild.

The leak revealed the inner workings of Claude, including its multi-agent coordination, permission logic, OAuth flows, and dozens of unreleased features. Among them were Kairos, a background daemon that consolidates memory overnight, and Buddy, a Tamagotchi-style AI assistant with complex stats including debugging, patience, and learning capabilities.

Buried in the code was also an 'Undercover Mode', designed to prevent the AI from exposing Anthropic's internal project names when contributing to open-source repositories.

Gergely Orosz, founder of The Pragmatic Engineer newsletter, noted, 'Anthropic accidentally leaked the TS source code of Claude Code. Repos sharing the source are taken down with DMCA, but a clean-room rewrite using Python violates no copyright and cannot be removed.'

Why This Leak Is Hard To Contain

Decentralisation makes the problem even harder. The original Claude Code has been copied to platforms like GitLawb, a decentralised git service, where it can't easily be taken down with traditional legal notices.

Other repositories have also collected Claude's internal system prompts, giving prompt engineers and AI researchers a clear look at how the model is trained and guided.

Legal questions make the situation even trickier. If parts of Claude Code were written by the AI itself, as Anthropic's CEO has suggested, it's unclear how much the company can claim as its own intellectual property. At the same time, decentralised storage and torrent sharing mean the leaked code can't realistically be erased.

For Anthropic and other AI firms, the leak raises urgent questions about how to protect their work while still contributing to a more open, collaborative research environment. To quote one commenter, 'Anthropic is now officially more open than OpenAI.'

As of 1 April 2026, the Claude Code source leak is still very much an active and unresolved situation — and the code can still be found online in various forms, despite Anthropic's attempts to pull it back.

Developers continue to share and discuss versions of the leaked code, including rewrites, forks, and snippets, on forums and decentralised services. This means parts of Claude Code remain publicly accessible despite Anthropic's containment efforts.