On March 31, 2026, Anthropic accidentally published Claude Code v2.1.88 to npm with a 59.8MB source map file exposing over 512,000 lines of TypeScript code. Security researcher Chaofan Shou discovered the leak, marking Anthropic's second major security incident in one week. Within 48 hours, developers launched a complete alternative ecosystem of open agent tools.
512,000 Lines of TypeScript Exposed Through npm Package
The leak occurred when Anthropic published Claude Code to npm with an unstripped source map file. The exposed code revealed:
- KAIROS mode: 24/7 persistent agent capabilities
- Buddy System: Tamagotchi-style AI pet companion feature
- Coordinator: Multi-agent management system
- Undercover mode: Feature designed to hide AI activity on public repositories
- Auto Mode: Automatic approval of tool permissions
Multiple developers mirrored the code to GitHub within hours, and ccleaks.com was created as a backup distribution site. The leak followed an earlier Claude Mythos model leak earlier in the week.
Five Major Projects Launched Within 48 Hours
The developer community treated the leak as a de-facto open source release, immediately building production tools:
OpenClaude (1.6k stars, 699 forks) created an OpenAI-compatible API shim enabling Claude Code to work with GPT-4o, DeepSeek, Gemini, Ollama, and over 200 models. The project makes Claude Code model-agnostic.
open-multi-agent (1.4k stars) implemented production-grade multi-agent orchestration with task DAG scheduling, message bus architecture, and shared memory. The framework supports mixing Claude and GPT models in the same agent team.
cc-gateway (1.4k stars) built an AI API identity gateway functioning as a reverse proxy that normalizes device fingerprints and telemetry for privacy-preserving API access.
claude-code-rust (288 stars) delivered a complete Rust rewrite claiming 2.5x faster startup times and 97% smaller binary size compared to the original TypeScript implementation.
ai-agent-deep-dive (2.4k stars) published a comprehensive Chinese-language research report analyzing Claude Code's architecture, while claude-code-book (900 stars) released a 420,000-word technical breakdown spanning 15 chapters.
Community Response Demonstrates Pent-Up Demand for Open Frameworks
Hacker News discussions generated significant engagement, with "The Claude Code Source Leak: fake tools, frustration regexes, undercover mode" receiving 1,279 points and 520 comments. A companion post, "Claude Code Unpacked: A visual guide," attracted 784 points and 282 comments.
The rapid ecosystem development indicates strong demand for open agent frameworks that developers can modify and extend. The community focused on building practical tools rather than treating the incident purely as a security breach.
Anthropic attributed the leak to human error but has not issued legal takedown notices against derivative projects. The incident raises questions about protecting AI system architectures when distributing software packages.
Key Takeaways
- Anthropic accidentally exposed 512,000 lines of Claude Code TypeScript source code through an npm package on March 31, 2026
- The leak revealed unreleased features including KAIROS mode (24/7 agents), Buddy System, Coordinator, Undercover mode, and Auto Mode
- Five major open-source projects launched within 48 hours: OpenClaude (1.6k stars), open-multi-agent (1.4k stars), cc-gateway (1.4k stars), claude-code-rust (288 stars), and ai-agent-deep-dive (2.4k stars)
- OpenClaude enables Claude Code to work with 200+ models including GPT-4o, DeepSeek, and Gemini through an OpenAI-compatible API shim
- The rapid ecosystem development demonstrates strong developer demand for open, modifiable agent frameworks beyond proprietary systems