On Wednesday, security researcher Chaofan Shou discovered that Anthropic had shipped version 2.1.88 of Claude Code with a 59.8MB source map file attached to the npm package. Source maps are used to connect bundled production code back to the original source files during debugging, and this one connected the internet to 512,000 lines of unobfuscated TypeScript across 1,900 files.
It was an absolute “yikes” moment for arguably the world’s most influential AI company.
How Anthropic responded: The package was pulled within hours, writes TNS contributor Janakiram MSV. Anthropic also confirmed it was due to a packaging issue caused by human error, but the mirrors were already on GitHub. The original repo was reportedly forked more than 41,500 times before the uploader replaced it with a Python port.
What everyone blogged about: The coverage in the hours since then has focused on individual features: A Tamagotchi pet system. Animal codenames. Developer Wes Bos posted that he went straight for the spinner verbs and found 187 of them, from “Ruminating” and “Philosophising” to “Flibbertigibbeting” and “Photosynthesizing.”
But here’s the real story: Independent analyses of the leaked codebase by dozens of developers reveal a production agent system that converges on the same design patterns the open-source ecosystem is also racing to build.
Go deeper: Inside Claude Code’s leaked source: swarms, daemons, and 44 features Anthropic kept behind flags
More stories for your Wednesday:
● JetBrains: AI agents are about to repeat the cloud ROI crisis
● Why Cursor is bringing self-hosted AI agents to the Fortune 500
● Explainable AI in production: A neuro-symbolic model for real-time fraud detection
● In China, losing money on AI is big business
