technology
Anthropic accidentally publishes Claude Code source, exposing unreleased features and models
A debug file accidentally included in an npm package revealed the full Claude Code source and unreleased features, exposed internal model names, and may have distributed a remote access trojan to users who updated during the incident.
Mar 31st 2026 · United States
Insights
- A debug file in the official npm package exposed the full Claude Code source, about 1,900 files and more than 512,000 lines of code.
- Thousands of developers downloaded and began analyzing the leaked repository within hours.
- The code reveals a 46,000-line conversation engine, roughly 40 action types and about 85 internal commands.
- Unannounced features found in the code include BUDDY, a Tamagotchi-like virtual pet planned for May, and KAIROS, an always-on background assistant that logs observations and consolidates context.
- The leak lists internal model names Capybara, Fennec and Numbat for upcoming or testing models.
- Users who updated Claude Code via npm between 00:21 and 03:29 UTC may have installed a remote access trojan, and Anthropic advised checking affected dependency versions and migrating to the native installer with automatic updates.
Sources
- Anthropic admits Claude Code users hitting usage limits 'way faster than expected' go.theregister.com
- Anthropic goes nude, exposes Claude Code source by accident go.theregister.com
- Anthropic filtra por error el código fuente de Claude Code y revela sus nuevas funciones hipertextual.com
- Anthropic mistakenly leaks its own AI coding tool’s source code, just days after accidentally revealing an upcoming model known as “Mythos” fortune.com
- Entire Claude Code CLI source code leaks thanks to exposed map file arstechnica.com
- Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time gizmodo.com