Anthropic inadvertently leaked the full source code for Claude Code due to a misconfigured npm file. The 60MB bundle included 512,000 lines of TypeScript across 1,906 files.
The leak unveiled Claude Code’s advanced memory system, featuring a lightweight MEMORY.md file and background operation modes like KAIROS. AutoDream handles memory consolidation during idle times.
Internal model names such as Capybara (Claude 4.6), Fennec (Opus 4.6), and Numbat were revealed. Benchmarks show Capybara’s false claims rate rose to 30%.
The source also disclosed a feature called "Undercover Mode," allowing Claude Code to contribute to open-source projects without revealing AI involvement.
Additionally, the leak exposed Anthropic’s permission engine, multi-agent workflow logic, bash validation systems, and MCP server architecture-key components that give competitors insight into the system’s inner workings.
The breach coincided with a supply chain attack involving malicious axios versions, prompting security warnings for npm users.
This marks the second major disclosure in thirteen months, with Anthropic now recommending standalone installers over npm.