BREAKING: Claude Code source leaked

In what may be the most significant leak in AI history, Anthropic accidentally published the full source code for Claude Code—their closely guarded «secret sauce»—through source maps in an npm package. The company has historically refused to open-source Claude Code and sent hundreds of DMCA takedown notices when earlier leaks occurred, yet now the entire 390,000-line codebase is circulating freely. The leak exposes unreleased features, reveals that Claude Code lags behind open-source alternatives in benchmarks, and shows evidence that Anthropic engineers have been copying from open-source projects like Open Code. Can Anthropic suppress what's already everywhere, or will they finally embrace the open-source approach the community has been demanding?

Theo - t3․ggTech10 Pessoas mencionadas 5 Termos do glossário

Duração do vídeo: 39:27·Publicado 1 de abr. de 2026·Idioma do vídeo: en-US

6–7 min de leitura·8,968 palavras faladas → resumido para 1,372 palavras (7x)·

Assistir no YouTube ↗

1 —

Pontos-chave

1

The leak occurred because Anthropic accidentally included source maps in their npm package, likely while trying to improve error logging to diagnose rate-limit issues—source maps exist to link minified production code back to readable source for debugging.

2

Claude Code ranks 39th out of 39 harnesses on TerminalBench for Opus, trailing far behind open-source alternatives; the leaked code even shows Anthropic copying behaviors from Open Code rather than the reverse.

3

The source reveals multiple unreleased features including Buddy (a companion pet), Dream Mode (automatic memory consolidation), Coordinator Mode (parallel worker agents), and Chyros (always-on proactive agent), plus anti-distillation defenses and an «undercover» flag for employees contributing to external projects.

4

Anthropic is speedrunning a world record for erroneous DMCA takedowns, going after people who merely forked the public Claude Code GitHub repo (which doesn't even contain the leaked source), a strategy that will only damage their reputation further.

5

The leaked codebase scores 7/10 for code quality with strong type safety (only 38 «any» uses across 500+ files) but suffers from over 1,000 scattered feature flags, massive «god files» exceeding 5,000 lines, and dangerous environment variable sprawl with no centralized secret sanitization.

Em resumo

Anthropic's attempt to keep Claude Code proprietary has spectacularly backfired with a full source leak, revealing not only that their harness underperforms open-source alternatives but also that they've been borrowing from those same projects—the company's only viable path forward is to abandon suppression, open-source Claude Code officially, and let their engineers turn a PR disaster into community engagement.

2 —

How Source Maps Exposed the Code

Anthropic accidentally shipped debug files that map compiled code back to readable source.

1

Build step transforms code Browsers can't run TypeScript, so JavaScript projects compile/minify/obfuscate source into production bundles. Claude Code ships as one 13MB minified JavaScript file that's essentially unreadable.

2

Source maps enable debugging To debug minified code, developers create source maps that link each production character back to original source. These maps effectively contain the full original codebase.

3

Maps shipped with package Anthropic included a source map folder in their npm package, likely while trying to get better error logs to diagnose rate-limit issues users were experiencing.

4

Leak went viral instantly Users downloaded the npm package, extracted the source from the maps, and within hours the code was mirrored across thousands of GitHub repos and R2 buckets despite Anthropic's takedown attempts.

3 —

Claude Code Lags Behind Open Source

Benchmarks show Claude Code is the worst harness for Opus models.

⚠️

Claude Code Lags Behind Open Source

On TerminalBench, Claude Code ranks dead last—39th out of 39 harness-model pairs. When Cursor's harness runs Opus, it scores 93%; Claude Code with the same model scores only 77%. Even more embarrassingly, the leaked source contains multiple references to Open Code, showing Anthropic engineers copied behaviors like scrolling from open-source projects they were supposedly competing against. The «secret sauce» turns out to be ketchup packets stolen from the open-source cafeteria.

4 —

Hidden Features Revealed in the Leak

🐣

Buddy Mode

An April Fool's companion pet that would hatch inside Claude Code between April 1–7. Anthropic was probably planning to announce this as a joke feature but the leak spoiled the surprise.

💭

Dream Mode

Background agents that automatically review past sessions and consolidate memories while you're away, training Claude Code to behave more like you want without explicit prompting.

👥

Coordinator Mode

Spins up multiple parallel worker agents with full tool access and specific instructions, effectively letting one Claude Code instance manage five simultaneous coding agents with shared prompt cache to reduce costs.

🤖

Chyros (AFK Mode)

Always-on proactive agent that runs on a heartbeat, asking itself «anything worth doing right now?» and autonomously making changes, filing PRs, and responding to feedback without user prompting.

🥸

Undercover Flag

Strict instructions for Anthropic engineers contributing to external open-source projects, specifically telling the model «do not blow your cover» so others don't know Claude Code was used.

5 —

The DMCA Speedrun Nobody Asked For

Anthropic is issuing hundreds of takedowns for a leak they can't suppress.

Within hours of the leak, Anthropic began sending DMCA takedown requests to GitHub at a pace that may set a record for any company in history. They're not just targeting repos with the leaked source—they're going after people who simply forked the official Claude Code repository, which doesn't even contain the source code, only plugins and documentation. The company has previous form here: when source maps leaked in an earlier release, they sent hundreds of DMCAs trying to scrub the internet of their own mistake.

The situation has escalated to absurdity. Someone noticed that several internal Anthropic packages (referenced in the leaked package.json with workspace:* syntax) didn't exist on npm, so they registered those package names with a disposable email for obvious malicious purposes. Anyone trying to build the leaked source without proper protections could install these poisoned packages. Meanwhile, projects are already appearing that rewrite the leaked TypeScript in other languages—derivative works that may fall outside copyright protection, though that's untested legal territory.

The company's official statement emphasizes «human error, not a security breach» and confirms no customer data was exposed. But the framing as human error is telling, especially given that Claude Code builds itself with Claude Code—making it entirely possible an AI agent, not a human, made the packaging mistake that led to this historic leak.

6 —

Code Quality: Pretty Good, Actually

Seven out of ten with strong typing but scattered flags and god files.

Type Safety Score

38 'any' uses across 500+ files

Exceptionally strong TypeScript discipline for a codebase this size.

Total Lines of Code

~390,000 lines

Pure TypeScript source only; slightly smaller than the fully open-source Codex (515k lines in Rust).

Feature Flag Sprawl

1,000+ flags in 250 files

Growth Book feature flags scattered throughout business logic, making debugging environment issues a nightmare.

God Files

Multiple files >5,000 lines

Several massive files violate separation of concerns, though some giant files are justified in context.

Modern Async Patterns

258 .then() chains, zero callback hell

Decent async/await adoption with only legacy promise chains remaining.

Test Coverage

0 test files found

Source maps wouldn't include tests, so this likely doesn't reflect actual test coverage.

7 —

What Anthropic Must Do Now

Suppression has failed; open-source is the only credible path forward.

THE WRONG MOVE

Lawyer-Led Suppression

Continuing to DMCA repos, sending cease-and-desists, and issuing corporate non-apologies will only cement Anthropic's reputation as the industry's least transparent lab. The code is everywhere. Trying to put this genie back in the bottle makes the company look like it's run by lawyers instead of engineers, destroying the «humans of AI» brand they've carefully built.

THE RIGHT MOVE

Embrace Open Source

Announce a concrete timeline to officially open-source Claude Code. Give engineers permission to be excited, write blog posts about leaked features they're proud of, and engage authentically with the community. Beat the leakers by being the best source of information. Stop pretending it's «secret sauce» when benchmarks show it's behind open alternatives that Anthropic's own engineers copy from. Turn a historic PR disaster into the biggest community win in AI by just being human about it.

8 —

Be Humans, Not Corpo Robots

Authenticity beats hype; let engineers engage instead of hiding behind lawyers.

“Every engineer working on Claude Code has something cool they built that they want to talk about that they haven't talked about because they can't. This is closed fucking source. It's not closed source anymore. It's source available with a bunch of asterisks. Fix that by making it open source. And instead of trying to press release this shit, instead of trying to suppress it with lawyers, just lean into it. Let your engineers be excited because excitement will always, always, always, always beat hype.”
— Theo

9 —

Pessoas

Theo

Content Creator / Developer

host

Ben

Developer

mentioned

Jared

Creator of Bun / Anthropic Employee

mentioned

West Boss

Developer

mentioned

Sahill

Researcher

mentioned

Mal

Technical Writer

mentioned

Julius

Creator of T3-ENV

mentioned

Gary Tan

Y Combinator CEO

mentioned

Kevin

Tanstack Team Member

mentioned

Jason

OpenAI Employee

mentioned

Glossário

Source mapA file that maps minified/compiled production code back to the original readable source, enabling developers to debug deployed code by linking errors to the actual lines they wrote.

HarnessThe wrapper/framework that connects an AI model to tools and manages the interaction loop—in coding, this includes file access, terminal commands, and the logic for when to prompt the model versus execute tools.

Prompt cacheA technique where the model stores computed context from earlier in a conversation, avoiding recalculation of the same tokens and drastically reducing input token costs for long conversations.

DistillationTraining a smaller or different model using the outputs/behaviors of a larger model, often considered a form of IP theft when done without permission using a competitor's model responses.

Obfuscation/minificationTransforming code to be smaller and harder to read—minification removes whitespace and shortens names to reduce file size; obfuscation intentionally makes code unreadable to protect intellectual property.

Aviso: Este é um resumo gerado por IA de um vídeo do YouTube para fins educacionais e de referência. Não constitui aconselhamento de investimento, financeiro ou jurídico. Verifique sempre as informações com as fontes originais antes de tomar decisões. O TubeReads não é afiliado ao criador do conteúdo.