Claude Code's Source Code Leaked via NPM Source Map

📅 March 31, 2026 · 4 min read

Anthropic just had one of those "oh shit" moments that every engineering team dreads. Claude Code, their flagship CLI coding tool, shipped with full source map files in its NPM registry package — exposing the entire compiled source code to anyone who thought to look.

The discovery hit Hacker News today with over 365 points and climbing. What the community found inside is equal parts fascinating, hilarious, and mildly concerning.

What Actually Happened

When you publish a JavaScript package to NPM, you're supposed to strip out source maps — the files that map compiled/minified code back to its original, readable form. Source maps are great for development. They're terrible for production if you don't want your code inspected.

Claude Code's NPM package had them. Fully intact. The entire internal architecture, feature flags, prompt engineering, and systems that Anthropic probably didn't want public were sitting there for the taking.

The Frustration Detection System

The most viral discovery: Claude Code has a regex-based system for detecting when you're frustrated with it. Yes, really.

The system scans your input for patterns like "WTF", "ffs", "shit(ty|tiest)" — with word boundary checks to avoid false positives. It's not using an LLM for sentiment analysis. It's using regex. In an LLM product.

The irony wasn't lost on anyone. As one commenter put it: "An LLM company using regexes for sentiment analysis? That's like a truck company using horses to transport parts."

The practical use seems to be a lightweight pre-filter before a more expensive process — a quick check before spinning up the heavy machinery. Fair design choice, honestly. But watching engineers discover that Claude literally knows when you're cursing at it made for excellent HN entertainment.

Hidden Features & Easter Eggs

The source maps revealed several unreleased and internal features hiding behind feature flags:

Kairos (Assistant Mode): An unreleased "assistant mode" feature that appears to be a significant new capability in development.
The Buddy System: A Tamagotchi-style companion creature system with ASCII art sprites. Turns out this is the planned April Fool's joke — a gacha pet system with legendary pulls.
Undercover Mode: Strips all Anthropic internal information from commits and PRs. Designed for employees contributing to open source projects anonymously. The prompt for this feature? It was generated by AI. Of course it was.
Anti-Distillation Defenses: Code with ANTI_DISTILLATION_CC labels — Anthropic's protection against competitors training on Claude's outputs.

The Bigger Question

The leak raises a real question about the AI tooling ecosystem. We're building on top of tools whose internals we can't inspect. When the internals accidentally become visible, we find regex-based sentiment analysis, hidden telemetry paths, and feature flags for capabilities we didn't know existed.

For builders shipping with Claude Code or similar tools: this is a reminder that the black box is real. Your prompts, your code patterns, your usage telemetry — it all goes through systems you don't control.

That's not necessarily bad. But it's worth knowing.

What This Means for You

Practical takeaways:

Check your NPM packages. Source map leaks aren't unique to Anthropic. Audit what you ship.
Your AI tool knows more than you think. Frustration detection is just the surface. These systems are instrumented.
Open source AI tools have advantages here. When the code is open by design, there's nothing to leak.

The source maps have likely been pulled by now. But the internet never forgets, and the HN discussion thread has enough detail to piece together the architecture anyway.

Building something with AI tools? Stay sharp.

z3n.iwnl →