Claude Code Leak Sparks Explosive GitHub Growth
A massive Claude Code leak triggered one of GitHub’s fastest-growing repos ever. Here’s what happened, why it matters, and the legal fallout.
A single packaging mistake has triggered one of the most dramatic moments in AI development history. What began as a routine update to Anthropic’s Claude Code quickly spiralled into a viral GitHub phenomenon — exposing proprietary code, igniting legal debate, and showcasing just how fast the open-source world moves.
What Actually Happened?
In the early hours of March 31, Anthropic accidentally published a critical file inside a routine npm package update. That file — a JavaScript source map — allowed developers to reconstruct the platform’s entire TypeScript codebase.
Key facts about the leak:
Around 512,000 lines of code exposed
Roughly 1,900 internal files revealed
Included CLI tools, agent architecture, and feature flags
Exposed a hidden feature called “Undercover Mode”
No model weights or user data were leaked
The issue was traced back to a simple but costly oversight: failing to exclude source map files during production bundling.
Anthropic later confirmed it was human error, not a cyberattack — but by then, the damage was already done.
The GitHub Explosion
Once the code hit the public domain, it spread at lightning speed.
Mirrors appeared across thousands of repositories before takedown requests could even begin. But one developer took things further — and changed the story entirely.
Enter the “Claw-Code” Rewrite
Developer Sigrid Jin didn’t just mirror the leak. Instead, they created a clean-room Python rewrite of the exposed system.
This project, published as “claw-code,” quickly became a viral sensation.
Why it blew up so fast:
Claimed 50,000+ stars in just 2 hours
Rewritten from scratch in Python (not a direct copy)
Expanded with additional improvements and experimentation
Followed by an ongoing Rust rewrite
This wasn’t just code redistribution — it became a community-driven evolution of the original tool.
Meanwhile, others pushed the original code to decentralised platforms, declaring it effectively “impossible to erase.”
Legal Grey Zones and Industry Impact
Anthropic moved quickly, issuing over 8,000 DMCA takedown notices. But the situation is far from straightforward.
The legal complications:
Direct copies are clearly infringing
Clean-room rewrites may qualify as new intellectual property
AI-assisted code raises questions about who owns what
A recent 2025 U.S. court ruling adds another twist:
AI-generated content may not automatically qualify for copyright protection.
That could weaken claims over parts of the leaked system — especially if AI played a role in its creation.
Why This Matters for AI and Open Source
This incident highlights a bigger shift happening in tech:
1. Speed of distribution is unstoppable
Once code leaks, containment is nearly impossible. GitHub, mirrors, and decentralised hosting ensure rapid spread.
2. Open-source culture moves faster than legal systems
Developers can analyse, rewrite, and improve tools in hours — far quicker than legal action can respond.
3. Competitive advantage is fragile
Even partial exposure of internal tooling can:
Accelerate competitors
Reveal product roadmaps
Undermine proprietary advantages
4. AI companies face new risks
As AI tools grow more complex:
Build pipelines become attack surfaces
Simple errors can have massive consequences
Transparency vs secrecy becomes harder to balance
A Turning Point for AI Development?
Anthropic was reportedly pursuing a massive valuation ahead of a potential IPO — making the timing particularly sensitive.
But beyond one company, this event signals something bigger:
The line between proprietary AI systems and open ecosystems is blurring — and once something leaks, the internet doesn’t forget.
For developers, it’s an opportunity.
For companies, it’s a warning.
Enjoyed this? Get the week’s top France stories
One email every Sunday. Unsubscribe anytime.
