The Claude Code Source Leak

Yesterday, March 30, 2026, at roughly 4 AM UTC, Anthropic shipped version 2.1.88 of their official @anthropic-ai/claude-code npm package. Buried inside was a single 59.8 MB file: cli.js.map.

That one artifact — a source map that should never have left the build server — instantly gave the world the complete, readable TypeScript source tree of Claude Code: 2,203 files, 512,664 lines of proprietary client-side code.

Within hours, mirrors popped up on GitHub, R2 buckets, and Telegram channels. The entire architecture — agent orchestration, tool permissions, memory systems, slash-command engine, even unreleased internal features — was public.Anthropic pulled the package fast and started issuing DMCA takedowns. Too late. The cat was not only out of the bag; it had already been cloned, forked, and star-bombed.

Then came the rewrite speed run that broke the internet.

One developer (Sigrid Jin, a prominent Claude power user) took the leaked TS, fed it to Claude itself, and produced a clean-room Python port — dubbed “claw-code” — in a matter of hours.

Overnight it racked up tens of thousands of stars. The repo explicitly states it is a from-scratch reimplementation that violates no copyright.

As of this morning, the same team is already porting it again… this time to Rust.

Yes, you read that right.

The code that powers one of the most advanced AI coding agents on the planet was open-sourced by accident, then rewritten twice in under 24 hours using the very AI it was built to help run.

My take on the root cause

This wasn’t a sophisticated supply-chain attack or state actor. It was a classic “we forgot to strip the source maps in the production build” blunder — the same exact mistake Anthropic made with an earlier Claude Code version back in February 2025. A packaging oversight in a CI/CD pipeline that has shipped thousands of releases.

In the rush to iterate on one of the hottest products in AI, someone checked the “include source maps for better error reporting” box and never unchecked it for the public npm tarball.It’s embarrassingly mundane. And that’s what makes it scary.

What might this mean for Anthropic’s forthcoming IPO?

Anthropic is widely expected to go public later this year or early 2027 at a valuation north of $50B. This incident is not existential — the real moat lives in the model weights, training data, and constitutional AI stack, none of which were touched.

But it is a very public reminder that even the most valuable AI company on Earth can fumble basic operational hygiene.

Investors hate operational surprises. A leak like this, right after the earlier “Claude Mythos” model exposure, paints a picture of a company that moves at the speed of light but sometimes leaves the back door open.

Expect a few more pointed questions from VCs and analysts during the roadshow about “IP protection maturity” and “supply-chain security.” Nothing fatal, but it adds friction.

What it says about protecting IP in AI companies.

The era of “our code is our secret sauce” is dead for anything that ships as a client-side tool or npm package. AI companies are now discovering what open-source projects learned a decade ago: if your product touches a developer’s machine, assume the source will eventually be public. The real differentiator is no longer the code — it’s the models, the data flywheel, and the distribution.

More importantly, this episode proves something profound: modern AI coding agents are now so good that a single motivated developer + leaked reference code = production-grade rewrite in hours.

The same technology that created the product can now replicate it faster than legal teams can react.

Anthropic will survive this. They’ll probably ship a native installer that bypasses npm entirely and tighten their build pipeline. But the broader lesson for every AI company racing toward IPO is clear: your biggest IP risk isn’t Chinese hackers or disgruntled employees. It’s a single checkbox in your web-pack config at 4 AM.Welcome to 2026.

The code is already open. The rewrite is already live. Time to build the next thing.