Claude Code source leak exposes Anthropic's roadmap

Plenty of leak stories turn out to be screenshots of screenshots, stitched together with vibes and panic. This one is much more annoying for Anthropic because it is easy to verify from public artifacts.

On Tuesday, March 31, 2026, the file at @anthropic-ai/[email protected]/cli.js.map resolved directly on unpkg. Pull the matching npm package page or the tarball and you land on the same basic fact pattern: the public release includes a giant sourcemap sitting next to the bundled CLI. I verified the tarball locally, and the artifact is not subtle.

That is why I do not think the smartest frame is "wow, source code leak" and then everyone faints onto a chaise lounge. The more useful frame is that Anthropic appears to have shipped a public artifact that reveals a readable slice of Claude Code's internal structure, feature lanes, and naming. In a coding-agent market, that is not just a packaging mistake. It is an accidental roadmap disclosure.

What happened in the Claude Code source leak?

Here is the short version, with the melodrama removed.

• The public unpkg URL for cli.js.map resolved on March 31, 2026.
• The matching npm tarball includes package/cli.js.map at 59,766,257 bytes.
• The sourcemap lists 4,756 source paths.
• The raw artifact also contains readable identifiers such as assistantMode and kairos, plus path clues like ../src/utils/computerUse/common.ts.

That is enough to make the story real without publishing code excerpts. And I am not publishing code excerpts here because I do not need to. The leak is already meaningful at the structure level. A clean list of files, modules, subsystems, and internal names tells outside developers a lot about what is active inside the product.

Just as important, this does not currently look like the same thing as customer-data exposure, secret leakage, or some movie-style vault crack. If people flatten those distinctions, they stop informing readers and start doing content cosplay.

How to verify the Claude Code sourcemap yourself

One reason the story spread so fast is that any developer can check the evidence in a minute or two. This is the entire problem.

curl -L https://unpkg.com/@anthropic-ai/[email protected]/cli.js.map | jq '.sources | length'

curl -L https://unpkg.com/@anthropic-ai/[email protected]/cli.js.map \
  | jq -r '.sources[]' \
  | rg 'computerUse/common.ts'

curl -L https://unpkg.com/@anthropic-ai/[email protected]/cli.js.map \
  | rg 'assistantMode|kairos'

curl -L https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.88.tgz -o claude-code-2.1.88.tgz
tar -tvzf claude-code-2.1.88.tgz package/cli.js.map

Those commands answer the main search-intent questions immediately:

• Is the Claude Code source leak real? Yes, the public artifacts are directly reachable.
• Was it only social-media rumor? No, the evidence sits in unpkg and the npm tarball.
• What leaked? A sourcemap that exposes source paths, identifiers, and internal structure.

That is also why the March 31 Hacker News thread caught fire so quickly. The evidence is public, legible, and easy to circulate among exactly the people who treat packaging mistakes like a competitive intelligence hobby.

What the public sourcemap appears to expose

The part worth slowing down for is not whether a sourcemap exists. Sourcemaps are normal. The part that matters is what kind of visibility this particular one seems to offer.

The file exposes thousands of source paths, including paths tied to Claude Code's computer-use stack such as ../src/utils/computerUse/common.ts. The raw map also includes readable names like assistantMode and kairos. Even without reposting source text, that is enough to tell the market a few useful things.

First, Anthropic's public CLI package appears to reveal more of its internal product map than a polished release should. Second, the names line up with directions the company has already been pushing in public. We have already seen Claude Code move toward more expansive operator behavior in Claude Code computer use and Dispatch, and we have already covered the broader browser race around Claude Code. The sourcemap makes those lanes look less hypothetical and more concretely wired into the product surface.

Third, rivals and wrapper builders do not need pristine source access to learn from this. Product strategy often leaks through naming, routing, and subsystem shape long before it leaks through a launch post. A source tree is a little like a half-packed suitcase. You can tell a lot about the trip before anyone reaches the airport.

Does the Claude Code source leak expose secrets or user data?

From the public evidence available on March 31, 2026, I would not claim that.

What is confirmed is a packaging exposure. What is not confirmed is a user-data breach, secret spill, or complete clean-room release of Anthropic's private repository. That distinction matters because readers searching for "Claude Code source leak" usually want two answers at once: "is this real?" and "how bad is it?" The first answer looks like yes. The second answer looks more limited and more strategic than catastrophic.

The strategic part is still serious. If you run a high-profile coding tool, outsiders learning your internal naming and active subsystem lanes is not nothing. That information helps competitors place bets, helps power users infer where the product is heading, and helps ecosystem builders decide which abstractions are likely to matter next.

So I would call this a roadmap leak, not a disaster-movie breach. That is still bad. It is just bad in a more adult and less cinematic way.

Why a sourcemap leak matters in the coding-agent race

If this happened to some sleepy internal utility, the story would be smaller. Claude Code is not in that phase anymore. It sits in the middle of a genuinely competitive AI Tools fight over workflow gravity, approval surfaces, browser reach, and developer habit.

That is why this packaging mistake lands harder now. Anthropic has already been dealing with developer frustration around Claude Code session limits and trust. It has already shown a tighter stance on access and wrapping through the OpenCode OAuth crackdown. At the same time, OpenAI is not waiting around politely; it just shipped a Codex plugin aimed directly at Claude Code users. Everyone serious in this market wants the same thing: to become the workflow developers do not bother switching away from.

In that context, a public sourcemap is not merely embarrassing. It is informative. It tells outsiders which lanes appear active, which subsystems are organized enough to ship inside the bundle, and which internal names keep surfacing. That is useful to competitors, useful to plugin builders, and useful to anyone trying to figure out whether Claude Code's future leans harder into assistant behavior, computer use, browser control, or something nearby.

The leak is also a little funny in the bleak way packaging failures are funny. Anthropic has spent weeks expanding Claude Code's authority over more of the developer workflow, then appears to have shipped a public artifact that makes some of that expansion easier for the market to inspect. That is the sort of irony only release engineering can produce.

What Anthropic should do next

The clean response here is operational, not theatrical.

Anthropic should remove or repackage the artifact, audit nearby releases for the same mistake, and explain the boundary in plain English. Developers can handle a direct statement that says, in effect, "we accidentally shipped a debug artifact in public, we fixed it, and we checked adjacent packages." What they do not need is a fog machine and a euphemism generator.

My bet is that Anthropic fixes the artifact quickly. The more durable part is that the market now has a cleaner picture of which Claude Code lanes look live.

There is also a broader lesson here. In fast-moving developer products, shipping hygiene is product strategy. The package is part of the surface. If a release artifact can teach the market where your internal heat is, then your packaging pipeline is not some boring back-office concern. It is competitive infrastructure.

The bottom line is simple. The Claude Code source leak looks real because it is independently verifiable from public artifacts on March 31, 2026. What it appears to expose is not a neat vault of secrets. It is something more strategically irritating: a readable slice of Claude Code's internal structure and direction, published in exactly the place developers know to inspect.

That is why people care. Not because software contains files. Because in a coding-agent race, even a messy map is still a map.