Claude Code's Source Code Leaks Via npm Source Maps (dev.to)
- Reference: 0181193354
- News link: https://developers.slashdot.org/story/26/03/31/172257/claude-codes-source-code-leaks-via-npm-source-maps
- Source link: https://dev.to/gabrielanhaia/claude-codes-entire-source-code-was-just-leaked-via-npm-source-maps-heres-whats-inside-cjo
> A security researcher has [2]leaked a complete repository of source code for Anthropic's flagship command-line tool. The file listing was [3]exposed via a Node Package Manager (npm) mapping , with every target publicly accessible on a Cloudflare R2 storage bucket.
There's been a [4]number of [5]discoveries as people continue to [6]pore over [7]the code . The DEV Community outlines some of the leak's most notable architectural elements and the key technical choices:
Architecture Highlights
The Tool System (~40 tools) : Claude Code uses a plugin-like tool architecture. Each capability (file read, bash execution, web fetch, LSP integration) is a discrete, permission-gated tool. The base tool definition alone is 29,000 lines of TypeScript.
The Query Engine (46K lines) : This is the brain of the operation. It handles all LLM API calls, streaming, caching, and orchestration. It's by far the largest single module in the codebase.
Multi-Agent Orchestration : Claude Code can spawn sub-agents (they call them "swarms") to handle complex, parallelizable tasks. Each agent runs in its own context with specific tool permissions.
IDE Bridge System : A bidirectional communication layer connects IDE extensions (VS Code, JetBrains) to the CLI via JWT-authenticated channels. This is how the "Claude in your editor" experience works.
Persistent Memory System : A file-based memory directory where Claude stores context about you, your project, and your preferences across sessions.
Key Technical Decisions Worth Noting
Bun over Node: They chose Bun as the JavaScript runtime, leveraging its dead code elimination for feature flags and its faster startup times.
React for CLI: Using Ink (React for terminals) is bold. It means their terminal UI is component-based with state management, just like a web app.
Zod v4 for validation: Schema validation is everywhere. Every tool input, every API response, every config file.
~50 slash commands: From /commit to /review-pr to memory management -- there's a command system as rich as any IDE.
Lazy-loaded modules: Heavy dependencies like OpenTelemetry and gRPC are lazy-loaded to keep startup fast.
[1] https://slashdot.org/~Grady+Martin
[2] https://x.com/Fried_rice/status/2038894956459290963
[3] https://dev.to/gabrielanhaia/claude-codes-entire-source-code-was-just-leaked-via-npm-source-maps-heres-whats-inside-cjo
[4] https://www.reddit.com/r/ClaudeAI/comments/1s8lkkm/i_dug_through_claude_codes_leaked_source_and/
[5] https://www.reddit.com/r/ClaudeAI/comments/1s8ifm6/claude_code_source_code_has_been_leaked_via_a_map/
[6] https://www.the-ai-corner.com/p/claude-code-source-code-leaked-2026
[7] https://news.ycombinator.com/item?id=47584540
Re: (Score:2)
> I guess that makes Anthropic no longer a threat to the US. The man can now take it and do what he wants.
I'm not sure how much "the man" (Hegseth?) can do with what was leaked. It appears to be the code for the command-line tool, not the LLM or its trained weights.
Re: (Score:2)
I'd be more worried if competent people were attempting something.
These idiots can't even redact documents properly.
TypeScript? (Score:1)
I never would have guessed that one. I stopped writing JavaScript a decade ago so I’m out of that loop. It just really surprised me that the popular Python language wasn’t used.
Re: (Score:3)
They probably wanted a scripting language that wasn't a total dog when it comes to speed.
Re: (Score:3)
Then they should have used Tcl.
Re: (Score:2)
Cause yeah, popular is how you should always make arch decisions. And also WTH would anyone use Python for a serious system that requires performance? Python brings us back to that days of BASIC, "oh but you can call functions written in other languages that are fast" It is an order of magnitude thing too, not just a gripe from some benchmarking basement dwellers.
Re: TypeScript? (Score:2)
Claude just needs to load fast, relatively..,it doesn't need to do anything else fast because the bottleneck is the ai calls or tools. Python would be perfectly fine here. Ideal even. The reason why not was likely not related to performance primarily. 3.12 python is plenty fast for a higher level language with a ton of experienced developers for it. It's likely that the choice came down to what the dev team uses elsewhere....and so just code it in the same language. Companies work that way far mo
Re: (Score:3)
One claude code's maintainer tried to flex and said his software was comparable to "a small game engine". So no, they want performance, smooth text animation. For some reason they chose to use React to do terminal text rendering and struggle to achieve 60fps. Imagine if they chose Python+react. Note, I never used claude, just copilot and codex and I can't see why it's difficult to achieve 60fps basic text animation on modern machine, we had mplayer playing movies in the terminal back in the days. Maybe they
Re: TypeScript? (Score:3)
I use claude regularly (we have to). I'm not sure what text animation is being required ...,it doesn't do anything you haven't seen it any ncurses type of application and any animation is simply aesthetic in the tool. All of the actual content is effectively just scrolling the text the ai or tools output or menu driven navigation. Again, i think the framework and stack was chosen because that's just what they use in general first and foremost. You dont need high performance to rotate a stupid 'waiting
Re: (Score:2)
Well I 100% agree with you but the authors think they are vibe coding a text based game engine in react. I guess it's good for them since AI probably scores better on React than ncurse. TBH I'm not a fan of these people, just a BS tweets among others.
Re: (Score:2)
> Cause yeah, popular is how you should always make arch decisions. And also WTH would anyone use Python for a serious system that requires performance?
Claude code is basically just a fancy network client for the cloud-hosted LLM. There is nothing in it demanding high performance. It just needs to be a sandbox around the shell environment and be able to send off prompts, collect user input, and carry out intents returned from the LLM. 99.9% of the time the CLI app is idle waiting for user input, idle waiting for LLM network I/O, or idle waiting for a cli tool invocation to return.
The more important requirement is for it to be something cross platform and
Re: (Score:2)
JavaScript is actually a pretty interesting, powerful language, but one with quite a few problems. (I recommend the book JavaScript: The Good Parts by Douglas Crockford if you want to learn more about that.) TypeScript solves some, but by no means all, of those problems. From what I've heard, it's increasingly popular.
Re: (Score:1)
I remember buying that book many many years ago. It is a fantastic book.
Re:TypeScript? (Score:4, Informative)
That surprised me, too. TypeScript is a very poorly-congealed ("designed" seems a bit strong) language.
Of the two popular scripting languages - python and ruby - python probably makes more sense as you can compile into actual binaries if you want.
For speed and parallel processing, which I'd assume they'd want, they'd be better off with Tcl or Erlang, both of which are much much better suited to this sort of work.
Re: (Score:2)
lol, this place is hilarious sometimes
Re: (Score:2)
Erlang is... weird. 15 years ago I wanted to learn a new and different language and I tried it but i could not wrap my brain around some of its constructs. Then I read a paper by a guy claiming that some things were impossible to do with Erlang (with examples in other languages) and since I didn't have any projects to do with it, i basically forgot all about it.
Re: (Score:2)
Possibly the motivation for [1]this. [howfuckedi...tabase.com]
[1] http://howfuckedismydatabase.com/nosql/
Re: (Score:2)
There are some significant advantages over Python. JavaScript on Node.js (or Bun in this case) is inherently event-driven. TypeScript gives strong typing on top of that. And apparently Bun can package up an app into a standalone executable, also unlike Python. I'm going to have a look at Bun, seems powerful.
Re: (Score:2)
As much as I hate it, TypeScript is a legitimate choice.
There are millions of developers out there to choose from, which makes sourcing talent far easier and cheaper.
There are several runtimes to choose from for optimization, and massive 3rd party library support for practically everything.
It's a strongly-typed language that prevents you from footgunning yourself in any myriad of ways, which "transpiles" back to good ol Javascript that runs everywhere.
Radio silence? (Score:1)
Its very odd that Slashdot would report on this, but with how much the Anthropic/Claude Code sub-reddits have been blowing up with them completely screwing over users with their ridiculous usage limits this past week, remain totally radio silent. Suspicious even.
I will never give Anthropic the time of day after the rug they've pulled on all of us. Screw them.
hmmm (Score:2)
As a non-programmer and non-expert in AI, how bad is this for Anthropic? By client-side they mean this is the source code to what people download anyway? This has nothing to do with the server-side stuff accessed by the Claude chat interface?
Re: (Score:2)
My sense of it is that this code is not the LLM itself, it is the infrastructure and interface layer between the user and the LLM. But even so, there's a lot of expensive work that has been exposed. At the very least it will give the competition some ideas.
Re: hmmm (Score:2)
It's downloaded, but this provides deminified source. Given how they often claim to use LLMs for everything, presumably no copyrights apply to the code either so their competitors can just use it.
Re: (Score:2)
Only if you can distinguish AI-written lines from human-written lines. The human-written lines are still copyrighted and even small snippets would burn a pirate, if I understand the law correctly.
Re: (Score:2)
You'd have to first discover that they used it, then show that whatever code they implemented was based on yours I would think.
Re: (Score:2)
No, you just let them bring a suit against you. At that point they will have to tell you for exactly which lines you are being charged with infringement.
Re: (Score:2)
> As a non-programmer and non-expert in AI, how bad is this for Anthropic?
Not at all bad. Their competitors, such as Codex, are already open source. Anthropic is the odd man out being closed. It's just client side "prompt engineering" and IDE integration stuff, click bait headlines not withstanding.
Nothing of real value has been disclosed. It's interesting, but that's about all.
It's okay guys (Score:2)
I'm sure that the various other AI companies will respect the copyrights involved and not steal all the useful information and ideas and algorithms. If it's one group of people who are always very respectful of copyright it's AI companies.
It's already gone. (Score:3)
The github page that's being pointed to has already taken down the code. [1]Unlike the fools that posted the WinAmp source code, [slashdot.org] they actually know how to wipe out the commits. However, I found that searching github with [2]leaked Claude Code language:TypeScript [github.com] was enough to find several mirrors of the code.
[1] https://it.slashdot.org/comments.pl?sid=23466575&cid=64817777
[2] https://github.com/search?q=leaked%20Claude%20Code%20language%3ATypeScript&type=repositories
Sloppary (Score:1)
wtf is that llm-generated summary, editors?
Half of the things in there are not new information.
Re: (Score:2)
hey, not everyone follow AI development and are up to date with all the details
for me, most of the info was new
Re: (Score:2)
1 detail in that list is relevant to the code dump.
The rest, and ChatGPT's opinion on them is just padding your word count:
"This is the brain of the operation." "leveraging its dead code elimination for feature flags and its faster startup times." "there's a command system as rich as any IDE."
And of course, they're also simply not fact-based in the slightest.
> The Tool System (~40 tools): Claude Code uses a plugin-like tool architecture.
All modern agents do. My home-rolled Perl ones do, too.
> Multi-Agent Orchestration: Claude Code can spawn sub-agents (they call them "swarms") to handle complex, parallelizable tasks.
Yes. This is a core feature of modern agents.
> IDE Bridge System: A bidirectional communication layer connects IDE extensions (VS Code, JetBrains) to the CLI via JWT-authenticated channels. This is how the "Claude in your editor" experience works.
If you use Claude Code, and you use an IDE, or