News of how Athropic accidentally shipped a 60MB source map alongside a Claude Code npm update has had developers talking recently, so we thought we’d share some of our favourite break-downs of what happened - and why.
The leak, which happened at the end of March 2026, exposed around 500,000 lines of TypeScript across 1,900 files. The package was pulled within hours, but as the Wall Street Journal reported, by then it had already been forked over 41,000 times, with Anthropic confirming afterwards that it was a build pipeline error.
The initial coverage from news outlets and users focused on some of the fun parts, like the list of 187 spinner verbs - ranging from “Ruminating” to “Flibbertigibbeting” - or the fully implemented Tamagotchi companion system. Impressively, just a couple of days after the leak, this 50-part engineering course popped up using the data.
Authors like Janakiram MSV at The New Stack and Alex Kim dug deep into the technicals to see what they could learn from looking at the code.
Claude Code is closer to an agent operating system than a chat tool, with a permission-gated tool system, multi-agent swarm support, and 44 compile-time feature flags for capabilities that are built but not yet released, so it’s unsurprisingly developers got so excited about looking inside to see how it works.
The most significant is KAIROS, a background daemon that runs on a cron schedule, maintains daily logs, and can act proactively during idle time. There’s also an autoDream sub-agent that consolidates memory across sessions.
Other details that surfaced include an anti-distillation mechanism that injects fake tool definitions into API traffic to pollute any training data a competitor might be collecting; an Undercover Mode that strips Anthropic internal references from AI-authored commits in public repos, with a hardcoded note that there is “NO force-OFF”; a frustration regex that detects when users are swearing at the tool; and a comment in the codebase referencing 250,000 wasted API calls per day that was fixed with three lines of code.
The leak also exposed internal model codenames — Capybara, Fennec, and an unreleased model called Numbat — along with internal benchmark data.
A community rewrite of the codebase has already started on GitHub, claiming it hit 100k stars on GitHub faster than anyone before.
As the Latent Space newsletter put it, the code can be refactored, but competitors now know what Anthropic has finished and hasn’t shipped yet. The genie is out of the bottle, and it can’t be undone.
Meanwhile, techstartups.com noted that after the initial leak, the full source hit the npm registry a second time, suggesting we this might not be the last time we hear about this.