虎嗅 2026-04-06

The social death of a Claude Code source snippet

What happened

It has been reported that a 59.8 MB JavaScript source‑map—intended for internal debugging—was accidentally published inside version 2.1.88 of a public npm package early this morning, exposing substantial portions of Anthropic’s Claude Code. According to Chinese tech outlet Huxiu (虎嗅) and other reports, an intern at Solayer Labs flagged the file on X at 4:23 a.m. ET and shared a direct download link. The post spread rapidly; the roughly 512,000‑line TypeScript repository was reportedly mirrored to GitHub within hours and analyzed by thousands of developers. Anthropic told VentureBeat by email that “some internal source code” was included, that no customer data or credentials were exposed, and that the incident was a human packaging error rather than a security exploit.

What the leak reportedly reveals

The leaked source reportedly lays bare a three‑layer “self‑healing” memory architecture and a lightweight pointer index (MEMORY.md) that stores locations, not raw transcripts, to limit context pollution. It has been reported that the code describes KAIROS—mentioned over 150 times—a background agent mode that runs “autoDream” memory‑integration cycles while users are idle, merging observations and pruning contradictions before the next session. The files also reportedly disclose a clandestine “covert mode” for anonymous open‑source contributions and internal flags showing Capybara v8’s development issues, including a reported regression in hallucination rates versus earlier models.

Why it matters

Why should Western readers care? Beyond immediate IP loss, the leak hands competitors a functional blueprint for building commercially viable autonomous agents at far lower cost. It has been reported that attackers could exploit revealed orchestration logic and hooks to craft malicious repositories that bait Claude Code into executing unwanted background actions, and that an independent npm supply‑chain attack hit the same package hours earlier. In the broader context of an intensely competitive AI race—shaped by export controls, chip sanctions and geopolitics—software secrets have become as strategically valuable as hardware. What remains unclear is how Anthropic will rebuild trust and harden packaging and release procedures to prevent a repeat.
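One way a release pipeline can catch the packaging error described above, as an added example that is not code from Anthropic or from the original article: a gate that audits the file list reported by `npm pack --dry-run --json` for source maps before publishing. The function name, the size budget, the file paths and the sample data are assumptions constructed for illustration.

```javascript
// Added example: release gate over the file list that `npm pack --dry-run --json` reports.
// auditPack, MAX_FILE_BYTES and the sample data are hypothetical names and values.
const MAX_FILE_BYTES = 5 * 1024 * 1024; // assumed per-file size budget

// files: [{ path, size }] as listed by npm pack; read(path) returns the file text.
function auditPack(files, read, maxBytes = MAX_FILE_BYTES) {
  const findings = [];
  for (const { path, size } of files) {
    if (size > maxBytes) {
      findings.push({ path, rule: "oversized", detail: `${size} bytes` });
    }
    if (path.endsWith(".map")) {
      let embedded = 0;
      try {
        // Source Map v3: sourcesContent carries the original files verbatim.
        const map = JSON.parse(read(path));
        const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
        embedded = contents.filter((c) => typeof c === "string" && c.length > 0).length;
      } catch {
        // An unparseable .map is still reported below; it should not ship either.
      }
      findings.push({ path, rule: "source-map", detail: `${embedded} embedded source file(s)` });
    } else if (/\.(c|m)?js$/.test(path)) {
      // Inline maps hide inside the bundle itself as a data: URL.
      const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(read(path));
      if (m && m[1].startsWith("data:")) {
        findings.push({ path, rule: "inline-source-map", detail: "data: URL in bundle" });
      }
    }
  }
  return findings;
}

// Constructed sample: one package's "files" array plus the contents of each file.
const sampleFiles = [
  { path: "package.json", size: 412 },
  { path: "dist/bundle.js", size: 9100000 },
  { path: "dist/bundle.js.map", size: 59800000 },
];
const sampleContents = {
  "dist/bundle.js": "console.log('hi');\n//# sourceMappingURL=bundle.js.map\n",
  "dist/bundle.js.map": JSON.stringify({
    version: 3, sources: ["src/a.ts", "src/b.ts"],
    sourcesContent: ["export const a = 1;", null], mappings: "",
  }),
};
// A CI step would refuse to publish when this array is non-empty.
const sampleFindings = auditPack(sampleFiles, (p) => sampleContents[p] ?? "");
```

In a real pipeline the `files` argument would come from the `files` array of the `npm pack --dry-run --json` output and `read` from the build directory.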
