Claude Code's Source Code Leaks Via npm Source Maps (dev.to) 65

Grady Martin writes: A security researcher has leaked a complete repository of source code for Anthropic's flagship command-line tool. The file listing was exposed via a Node Package Manager (npm) mapping, with every target publicly accessible on a Cloudflare R2 storage bucket. There have been a number of discoveries as people continue to pore over the code. The DEV Community outlines some of the leak's most notable architectural elements and the key technical choices:

Architecture Highlights
The Tool System (~40 tools): Claude Code uses a plugin-like tool architecture. Each capability (file read, bash execution, web fetch, LSP integration) is a discrete, permission-gated tool. The base tool definition alone is 29,000 lines of TypeScript.
The Query Engine (46K lines): This is the brain of the operation. It handles all LLM API calls, streaming, caching, and orchestration. It's by far the largest single module in the codebase.
Multi-Agent Orchestration: Claude Code can spawn sub-agents (they call them "swarms") to handle complex, parallelizable tasks. Each agent runs in its own context with specific tool permissions.
IDE Bridge System: A bidirectional communication layer connects IDE extensions (VS Code, JetBrains) to the CLI via JWT-authenticated channels. This is how the "Claude in your editor" experience works.
Persistent Memory System: A file-based memory directory where Claude stores context about you, your project, and your preferences across sessions.

Key Technical Decisions Worth Noting
Bun over Node: They chose Bun as the JavaScript runtime, leveraging its dead code elimination for feature flags and its faster startup times.
React for CLI: Using Ink (React for terminals) is bold. It means their terminal UI is component-based with state management, just like a web app.
Zod v4 for validation: Schema validation is everywhere. Every tool input, every API response, every config file.
~50 slash commands: From /commit to /review-pr to memory management -- there's a command system as rich as any IDE.
Lazy-loaded modules: Heavy dependencies like OpenTelemetry and gRPC are lazy-loaded to keep startup fast.
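
The summary above attributes the exposure to a source map shipped in the npm package, with its targets reachable on a public bucket. As an added example (not code from the article, the researcher or Anthropic), here is one way a publisher could audit the files of a package before release; the file names, the URL and the block-on-any-finding policy are assumptions made for illustration.

```javascript
// Added example: audit a package's files (path -> text) for source-map exposure.
// SAMPLE_FILES is constructed for illustration; every name and URL is a placeholder.
const SAMPLE_FILES = {
  // The marker is split so tooling does not read this file's own string as a map reference.
  "package/cli.js": "console.log('hi');\n//# source" + "MappingURL=cli.js.map\n",
  "package/cli.js.map": JSON.stringify({
    version: 3,
    sources: ["../src/main.ts", "https://bucket.example.invalid/src/tools.ts"],
    sourcesContent: ["export const x = 1;", null],
    mappings: "AAAA",
  }),
  "package/vendor.js": "module.exports = {};\n",
  "package/README.md": "# demo\n",
};

// Trailing comment that bundlers emit to point a built file at its map.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/m;

function classifyUrl(url) {
  if (url.startsWith("data:")) return "inline";      // map embedded in the file itself
  if (/^https?:\/\//i.test(url)) return "remote";    // fetched from another host
  return "relative";                                 // sibling file in the package
}

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      let map;
      try { map = JSON.parse(text); }
      catch { findings.push({ path, issue: "unparseable-map" }); continue; }
      const sources = Array.isArray(map.sources) ? map.sources : [];
      // sourcesContent entries that are strings carry the original source verbatim.
      const embedded = (map.sourcesContent || []).filter((s) => typeof s === "string").length;
      findings.push({ path, issue: "map-file-shipped", sources: sources.length, embedded });
      for (const src of sources) {
        if (classifyUrl(String(src)) === "remote") findings.push({ path, issue: "remote-source", url: src });
      }
    } else if (/\.(c|m)?js$/.test(path)) {
      const m = MAP_COMMENT.exec(text);
      if (m) findings.push({ path, issue: "map-reference", kind: classifyUrl(m[1]) });
    }
  }
  return findings;
}

// Policy assumption: any shipped or referenced map fails the release check.
function shouldBlockPublish(findings) {
  return findings.length > 0;
}
```

In a real pipeline the `files` object would be filled from the packed tarball's contents rather than from a literal.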

  • I never would have guessed that one. I stopped writing JavaScript a decade ago so I’m out of that loop. It just really surprised me that the popular Python language wasn’t used.
    • Re: (Score:3, Informative)

      They probably wanted a scripting language that wasn't a total dog when it comes to speed.

    • by pooh666 ( 624584 )
      Cause yeah, popular is how you should always make arch decisions. And also WTH would anyone use Python for a serious system that requires performance? Python brings us back to the days of BASIC, "oh but you can call functions written in other languages that are fast" It is an order of magnitude thing too, not just a gripe from some benchmarking basement dwellers.
      • Claude just needs to load fast, relatively... it doesn't need to do anything else fast because the bottleneck is the ai calls or tools. Python would be perfectly fine here. Ideal even. The reason why not was likely not related to performance primarily. 3.12 python is plenty fast for a higher level language with a ton of experienced developers for it. It's likely that the choice came down to what the dev team uses elsewhere... and so just code it in the same language. Companies work that way far mo

        • One of Claude Code's maintainers tried to flex and said his software was comparable to "a small game engine". So no, they want performance, smooth text animation. For some reason they chose to use React to do terminal text rendering and struggle to achieve 60fps. Imagine if they chose Python+react. Note, I never used claude, just copilot and codex and I can't see why it's difficult to achieve 60fps basic text animation on a modern machine, we had mplayer playing movies in the terminal back in the days. Maybe they
          • I use claude regularly (we have to). I'm not sure what text animation is being required... it doesn't do anything you haven't seen in any ncurses type of application and any animation is simply aesthetic in the tool. All of the actual content is effectively just scrolling the text the ai or tools output or menu driven navigation. Again, I think the framework and stack was chosen because that's just what they use in general first and foremost. You don't need high performance to rotate a stupid 'waiting

            • Well I 100% agree with you but the authors think they are vibe coding a text based game engine in react. I guess it's good for them since AI probably scores better on React than ncurses. TBH I'm not a fan of these people, just a BS tweets among others.
        • Incorrect.
          Claude Code uses a rendering engine that runs at a high fps.
          Now, should it? That'd be a fair question. But it does.

          Also, Python isn't the best tool for any fucking job, except accelerating global warming.
      • by flink ( 18449 )

        Cause yeah, popular is how you should always make arch decisions. And also WTH would anyone use Python for a serious system that requires performance?

        Claude code is basically just a fancy network client for the cloud-hosted LLM. There is nothing in it demanding high performance. It just needs to be a sandbox around the shell environment and be able to send off prompts, collect user input, and carry out intents returned from the LLM. 99.9% of the time the CLI app is idle waiting for user input, idle waiting for LLM network I/O, or idle waiting for a cli tool invocation to return.

        The more important requirement is for it to be something cross platform and

        • Incorrect.

          There is nothing in it that should demand high performance, I agree.
          But Claude Code is never waiting on your input. It's waiting on its frame timer to expire so it can render the next frame of its interface. Because decisions... were made... by people of questionable wisdom.

          It's a real time React renderer that runs at 60fps.
    • by PCM2 ( 4486 )

      JavaScript is actually a pretty interesting, powerful language, but one with quite a few problems. (I recommend the book JavaScript: The Good Parts by Douglas Crockford if you want to learn more about that.) TypeScript solves some, but by no means all, of those problems. From what I've heard, it's increasingly popular.

    • Re:TypeScript? (Score:5, Informative)

      by jd ( 1658 ) <imipak@NoSPAM.yahoo.com> on Tuesday March 31, 2026 @03:01PM (#66070794) Homepage Journal

      That surprised me, too. TypeScript is a very poorly-congealed ("designed" seems a bit strong) language.

      Of the two popular scripting languages - python and ruby - python probably makes more sense as you can compile into actual binaries if you want.

      For speed and parallel processing, which I'd assume they'd want, they'd be better off with Tcl or Erlang, both of which are much much better suited to this sort of work.

      • by SirSlud ( 67381 )

        lol, this place is hilarious sometimes

      • by dargaud ( 518470 )
        Erlang is... weird. 15 years ago I wanted to learn a new and different language and I tried it but I could not wrap my brain around some of its constructs. Then I read a paper by a guy claiming that some things were impossible to do with Erlang (with examples in other languages) and since I didn't have any projects to do with it, I basically forgot all about it.
    • There are some significant advantages over Python. JavaScript on Node.js (or Bun in this case) is inherently event-driven. TypeScript gives strong typing on top of that. And apparently Bun can package up an app into a standalone executable, also unlike Python. I'm going to have a look at Bun, seems powerful.

    • As much as I hate it, TypeScript is a legitimate choice.

      There are millions of developers out there to choose from, which makes sourcing talent far easier and cheaper.

      There are several runtimes to choose from for optimization, and massive 3rd party library support for practically everything.

      It's a strongly-typed language that prevents you from footgunning yourself in any myriad of ways, which "transpiles" back to good ol Javascript that runs everywhere.

  • Radio silence? (Score:2, Interesting)

    by nasalicio ( 122665 )

    It's very odd that Slashdot would report on this, but with how much the Anthropic/Claude Code sub-reddits have been blowing up with them completely screwing over users with their ridiculous usage limits this past week, remain totally radio silent. Suspicious even.

    I will never give Anthropic the time of day after the rug they've pulled on all of us. Screw them.

  • As a non-programmer and non-expert in AI, how bad is this for Anthropic? By client-side they mean this is the source code to what people download anyway? This has nothing to do with the server-side stuff accessed by the Claude chat interface?

    • My sense of it is that this code is not the LLM itself, it is the infrastructure and interface layer between the user and the LLM. But even so, there's a lot of expensive work that has been exposed. At the very least it will give the competition some ideas.

      • Re:hmmm (Score:4, Informative)

        by DamnOregonian ( 963763 ) on Tuesday March 31, 2026 @06:08PM (#66071106)
        The competition is easily keeping up with Claude Code. It's their LLM that's impressive, not their terminal application.
        Even OpenCode is keeping up well with Claude Code, and it works with any LLM.
        • "Claude Code has gone from zero to be the #1 tool in only eight months."

          https://newsletter.pragmaticen... [pragmaticengineer.com]

          Looks like OpenCode is #7.

          • Christ. Only in 2026 would I have to do this.

            1) We weren't talking about a popularity contest. Though I do imagine Claude Code definitely had the most mentions by respondents to the, uhhh /me glances at notes, "pragmaticengineer.com survey". OpenClaw has more stars on github than software with tens of millions more in installed base than it.
            2) After this [slashdot.org] comment, I'm not sure you should ever reply to anything technical ever again.

            If there's anything that can be learned here, it's that people like you l
            • Lol, now you're accusing me of not writing my own posts here? Hilarious!

              >> The competition is easily keeping up with Claude Code

              Show evidence. Like I did.

              • Lol, now you're accusing me of not writing my own posts here? Hilarious!

                Not an accusation in the slightest. Was giving you an out for disclaiming authorship of that post ;)
                It is impressively ignorant.

                Show evidence. Like I did.

                You showed evidence of popularity of a thing within a tiny non-representative sample in a discussion about feature parity. Put scientifically- you showed nothing.
                As mentioned, no amount of Claude Code's codebase is going to make you give OpenCode more github stars. Idiots are led by a different metric than code.

                • >> Was giving you an out

                  That's an obvious lie, and I stand by my statement.

                  >> you showed nothing

                  Another obvious lie. I merely showed something you didn't like.

    • It's downloaded, but this provides deminified source. Given how they often claim to use LLMs for everything, presumably no copyrights apply to the code either so their competitors can just use it.
      • Only if you can distinguish AI-written lines from human-written lines. The human-written lines are still copyrighted and even small snippets would burn a pirate, if I understand the law correctly.

        • by nomadic ( 141991 )

          You'd have to first discover that they used it, then show that whatever code they implemented was based on yours I would think.

        • No, you just let them bring a suit against you. At that point they will have to tell you for exactly which lines you are being charged with infringement.

          • by Luthair ( 847766 )
            It's pretty unlikely that they have the record keeping to even know
            • My company has most of that record for our git repo. I am fairly certain we could bring such a suit. I do not know if Anthropic could. Even so, the "AI generated cannot be copyrighted" theory has not been tested in court. That is only a ruling of the copyright office. I think there are a lot of questions around "transformative use" if you are the person who wrote the transformer based on some of the other invention law.

            • It would be a civil case. If they have some plausible scenario, then theoretically a jury can accept it as fact for the case.

    • by Tailhook ( 98486 )

      As a non-programmer and non-expert in AI, how bad is this for Anthropic?

      Not at all bad. Their competitors, such as Codex, are already open source. Anthropic is the odd man out being closed. It's just client side "prompt engineering" and IDE integration stuff, clickbait headlines notwithstanding.

      Nothing of real value has been disclosed. It's interesting, but that's about all.

      • Context engineering for modern agents. The distinction is what you can imagine. In context engineering, you're dynamically altering the entire context window instead of just prompts added to them.

        As for "of value", perhaps the system and agent prompts. That's a pretty fast-moving target. But since Claude has locked down Opus access to just API keys for external tools, those are really just for trying to glean ideas from.
  • I'm sure that the various other AI companies will respect the copyrights involved and not steal all the useful information and ideas and algorithms. If it's one group of people who are always very respectful of copyright it's AI companies.
  • It's already gone. (Score:5, Informative)

    by Gravis Zero ( 934156 ) on Tuesday March 31, 2026 @04:11PM (#66070926)

    The github page that's being pointed to has already taken down the code. Unlike the fools that posted the WinAmp source code, [slashdot.org] they actually know how to wipe out the commits. However, I found that searching github with leaked Claude Code language:TypeScript [github.com] was enough to find several mirrors of the code.

  • This is an AI port of what some guy in Korea claimed was the real code. I would be more willing to bet this is misdirection and subterfuge than anything else.

  • Calls themselves a security researcher yet quickly posts code that is not theirs on a github. Not cool.
