Claude Code Source Code Leak: What Happened and What We Learned
In March 2026, Anthropic made one of the most unusual mistakes in recent AI company history: it accidentally published the entire Claude Code source code on npm. In a few hours,1,900 files e 512,000 lines of codewere circulating on the internet. The incident generated coverage from Bloomberg and TechCrunch, thousands of repositories on GitHub, a wave of DMCA requests, and an intense debate about transparency in the artificial intelligence ecosystem.
This article reconstructs everything that happened, what the code revealed about Claude Code's architecture, how Anthropic reacted, and what we -- as users and developers -- can learn from the episode.
1. What happened: the chronology of the leak
Claude Code is distributed as an npm package (@anthropic-ai/claude-code). Typically, the published package contains only the compiled and minified code -- that is, functional but unreadable. The original source code, with comments, folder structure and readable logic, resides on Anthropic's internal servers.
At some point during a routine update, the build process silently failed. Instead of publishing just the minified bundle, the CI/CD pipeline included the full source code directory in the npm package. The result was a package that, in addition to the normal executable, contained the entire project's original code tree.
Approximate timeline
- Hour 0:Anthropic publishes new version of npm package with source code accidentally included
- Hour 1-2:Developers notice unusual files in the package. First posts on forums and social networks
- Hour 3-4:The code begins to be redistributed in public repositories on GitHub. Dozens of forks appear in minutes
- Hour 5-6:Anthropic detects the problem and publishes a corrected version of the package, without the source code
- Hour 8-12:Anthropic begins submitting DMCA requests to GitHub to remove repositories hosting the code
- Next day:Bloomberg and TechCrunch publish articles about the incident
- Following days:Anthropic publicly admits that some DMCAs were mistakenly sent to repositories that did not contain the leaked code
What draws attention is the speed at which the code spread. npm is a public platform -- anyone can download any package and inspect its contents. All it took was one curious developer to donpm packand looking at the files to realize that something was different.
Technical context:npm packages are files.tgz(compressed tar). You can download any package and extract it to see all the files included. This is why sensitive information should never be published in npm packages -- once published, the content is accessible to anyone in the world.
2. The numbers: 1,900 files and 512,000 lines
The leak was not trivial. The numbers reveal the real scale of the Claude Code project:
| Metric | Value |
|---|---|
| Total files | ~1,900 |
| Lines of code | ~512,000 |
| Main language | TypeScript |
| Package size with font | Significantly larger than normal |
| Repositories on GitHub (before DMCA) | Thousands |
To put it in perspective: 512,000 lines of code and a large project. Most web applications have between 10,000 and 100,000 lines. Claude Code, as a CLI tool that manages files, executes commands, interacts with APIs and offers an interactive interface in the terminal, justifies this complexity.
The code was in TypeScript, which isn't surprising -- it's the default language for modern Node.js projects. What surprised many developers was the organization and amount of logic involved in resources that, from the user's side, seem simple. Context management, permissions control, internal tools (Read, Edit, Write, Bash, Grep, Glob), all of this requires thousands of lines of carefully structured code.
What does 512,000 rows include
Not all 512,000 lines are "working code" in the strictest sense. A project of this scale includes:
- Application code:Claude Code's main logic -- session management, tools, terminal interface, API communication
- Tests:unit and integration tests that validate the behavior of each component
- Settings:configuration files for TypeScript, linters, bundlers and CI/CD
- Types and interfaces:TypeScript type definitions that document the data structure
- Utilities:auxiliary functions, helpers and reusable abstractions
Still, even discounting tests and configurations, the codebase is impressive. Claude Code is not a thin wrapper over an API -- it is complete, sophisticated software.
3. DMCA, GitHub and Anthropic's mistake
Anthropic's initial response to the leak was to submit DMCA (Digital Millennium Copyright Act) requests to GitHub to remove repositories that contained the leaked code. So far, everything is as expected -- the code is proprietary and the company has the right to protect it.
The problem arose when Anthropic admitted thatsome DMCA requests were sent in error. Repositories that did not contain the leaked code -- but that had names or descriptions that mentioned "claude code source" or similar terms -- were targeted for incorrect takedowns.
What is a DMCA takedown
The DMCA is an American law that allows copyright holders to request the removal of content that infringes their rights. On GitHub, when a DMCA request is accepted, the repository is disabled and the owner receives a notification. The owner can object with a counter-notice, but the process takes time and causes inconvenience.
The impact of incorrect DMCAs
For the developer community, incorrect DMCAs are a serious problem. They can:
- Take down legitimate projects:an open source repository that only discussed or analyzed the Claude Code (without containing the leaked code) may be unfairly removed
- Create chilling effect:Developers are afraid to create content related to Claude Code for fear of receiving a DMCA
- Damage the company's reputation:Acting too aggressively in IP protection generates antipathy in the community
Anthropic, to its credit, publicly acknowledged the error and rolled back the incorrect DMCAs. But the damage to public perception had already been done. The episode fueled criticism that large AI companies use legal tools disproportionately, even when the "leak" was caused by their own error.
Important Note:Redistributing leaked proprietary code is illegal, even if the leak was accidental. However, discussing, analyzing or commenting on the content of the code (without reproducing it) is protected by freedom of expression and by principles of fair use in educational and journalistic contexts.
4. Media coverage: Bloomberg, TechCrunch and the ripple effect
The leak quickly transcended niche developers and reached mainstream business and technology media.
Bloombergcovered the incident focusing on the corporate angle: a company valued at billions of dollars accidentally published its proprietary code. The article highlighted the implications for investors and Anthropic's competitive strategy, since competitors such as OpenAI and Google could, in theory, study the implementation.
TechCrunchaddressed the technical and community angle: what the code revealed about Claude Code, the developers' reaction and the debate about open source vs proprietary code in AI tools.
Reaction on social media
On X (formerly Twitter), Reddit and Hacker News, the reaction was mixed:
- Curious Developers:Many downloaded and analyzed the code out of technical interest, wanting to understand how such a sophisticated tool works inside.
- Open source advocates:argued that the leak proved that there is no "secret sauce" that justifies keeping the code closed, and that Anthropic should officially open the code
- Critics of DMCAs:the aggressive takedown action generated outrage, especially when innocent repositories were hit
- Pragmatists:Many simply observed that deployment errors happen in any company and that the episode, although embarrassing, was not catastrophic.
The most significant ripple effect was the boost to the debate on transparency in AI. If a tool that runs on a user's computer, reads their files and executes commands is closed source, should users have the right to audit that code? The leak turned this theoretical question into something concrete.
10. The future of Claude Code post-leak
What changes for Claude Code after this episode? Probably more than Anthropic would like to admit, and less than critics expect.
More rigorous deployment processes
Anthropic will certainly review and reinforce its CI/CD processes. The error that caused the leak -- including source code in the published package -- is the type of problem that should have been caught by automatic checks. Expect improvements in this area.
Possible partial opening of the code
The leak removed the aura of mystery surrounding Claude Code's code. The community saw what was inside and found nothing scary. This could pressure Anthropic to consider an open core model or, at the very least, publishtechnical documentationmore detailed information about the internal architecture.
Strengthening the skills ecosystem
Ironically, the leak could strengthen the skills ecosystem. Developers who analyzed the code now better understand how skills interact with the system, which makes it possible to create more sophisticated and better integrated skills. The SKILL.md format, which was already documented, is now supported by the actual code that processes it.
More informed competition
Competitors likeGitHub Copilot, Cursor and other coding agents now have a detailed look at how Anthropic implemented Claude Code. This can accelerate improvements in competing tools, which ultimately benefits all users. Informed competition leads to better products.
Claude Code was already the #1 tool among developers before the leak. After him, the position will probably be maintained -- the quality of the code confirmed that the leadership is deserved. But the episode serves as a reminder that no company, no matter how sophisticated, is immune to basic operational errors.
Claude evolves. Your skills too.
It's not enough to have the most advanced tool — you need to know how to use it. Skills are professional shortcuts that transform Claude into an expert. 748+ skills, 7 categories, $9.
Quero as Skills — $9FAQ
Yes. In March 2026, Anthropic accidentally published about 1,900 files and 512,000 lines of code from Claude Code to npm. The package was publicly accessible for hours before it was patched. Thousands of developers downloaded and redistributed the code on GitHub before it was removed via DMCA.
There is no official indication from Anthropic in this regard. The leak was accidental and the company acted quickly to remove the code from public repositories via DMCA. However, the incident reignited the debate about transparency in AI tools, and part of the community argues that the code should be officially open.
Not directly. The leaked code was from the CLI client (the tool that runs on your terminal), not from Anthropic's AI models or servers. No API keys, credentials or user data were exposed. The security of using Claude Code was not compromised by the leak. The permissions system and encrypted communication with the API remain intact.