Claude Code's Own Full Source Code Leaked

On Tuesday, a security researcher named Chaofan Shou revealed on X that he had found a 59.8MB JavaScript source map file in a public release of Anthropic’s Claude Code.
This file is intended for internal debugging purposes and helps to associate compiled, public code with the original source code. With it, compiled code can be easily regenerated from the original code it came from. Within minutes of the leak, the source code had been published and backed up to various public repositories.
The cat is now out of the bag. Claude Code, the company’s flagship CLI (command-line interface) and main product for developers, has been unveiled.
At least, a bit.
It turns out that the code that’s been published totally reveals the organizational structure of Claude Code, the way in which it chunks up jobs and divvies responsibilities between tools. To hear software engineers like Gabriel Anhaia tell it, the code is exceptionally well organized.
Around the web, the general consensus seems to be that this code should help reduce the number of tokens per request in open-source “forks” of Claude Code. In other words, this means the efficiency innovations that Anthropic paid goodness-knows-how-many developers to create are now available to all.
Critically, this leak does not release the model weights that actually enable Claude Code to perform its artificial intelligence reasoning. What the leak shows is the organization of the tool overall, and the ways in which problems are handled. It shows how portions of the code call and reference one another, how tasks are queued and prioritized, and more.
It also reveals that Claude Code’s abilities are the result of more than 40 discreet tools, each specialized to a different part of Claude Code’s overall programming abilities.
VentureBeat got a response from Anthropic on the issue Tuesday afternoon: “Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
The problem is that this happened just over a year ago, too, and via the same problem. In February 2025, a source map file revealed a much more primitive version of Claude Code. This latest leak reveals a massively more engineered version, with much more to teach the community.
It’s an open question what steps it’ll take this time that it didn’t take last year.
© 2001-2026 Ziff Davis, LLC., a Ziff Davis company. All Rights Reserved.
ExtremeTech is a federally registered trademark of Ziff Davis, LLC and may not be used by third parties without explicit permission. The display of third-party trademarks and trade names on this site does not necessarily indicate any affiliation or the endorsement of ExtremeTech. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.

source