GitHub - nblintao/awesome-claude-code-postleak-insights: A curated list of high-signal analyses, design notes, and discussions emerging from the Claude Code leak.

A curated list of high-signal analyses, design notes, and discussions emerging from the Claude Code npm sourcemap leak of 2026-03-31.

Security researcher Chaofan Shou discovered that Anthropic shipped a source map file in the Claude Code npm package, exposing the full unobfuscated TypeScript source (~1,900 files, 512K+ lines).

This is not a general Claude Code resource list, and it is not a mirror of leaked proprietary code.
The focus here is narrower: collecting the most useful post-leak materials that help readers understand Claude Code’s architecture, safety model, workflow design, and extension surface.

This event is still unfolding — the list is being actively maintained. If you’ve seen a high-quality post-leak analysis that isn’t listed here, PRs and Issues are welcome. See CONTRIBUTING.md for details.

Discussions

• Hacker News thread - Highlights include regex-based sentiment detection instead of using their own models, anti-distillation defenses in API requests, and a code quality teardown of print.ts.
• r/LocalLLaMA thread - The most upvoted thread on this leak. Includes a detailed hidden-features breakdown (KAIROS, Buddy, Undercover Mode, Coordinator Mode) and discussion on local-model integration possibilities.
• r/ClaudeAI thread - Notable for a deep dive into the cch attestation mechanism (custom Bun runtime, Zig-compiled token generation), plus findings on Capybara model variants and frustration telemetry.

Analysis

• Fake tools, frustration regexes, undercover mode, and more — Security & anti-distillation. The most code-grounded analysis, with direct file and line references. Covers fake tool injection, cryptographically-signed connector-text summarization, the ~90-line Undercover Mode, frustration detection via regex, and the Zig-based cch attestation stack. Hit HN front page.
• Claude Code’s Entire Source Code Was Just Leaked via npm Source Maps — Here’s What’s Inside — Production architecture & tech stack. Audits five major subsystems (Tool System, Query Engine, Multi-Agent Orchestration, IDE Bridge, Persistent Memory) and explains the rationale behind Bun, React+Ink, and Zod v4.
• Claude Code’s Entire Source Code Got Leaked via a Sourcemap in npm, Let’s Talk About it — Future roadmap & hidden features. Covers BUDDY (Tamagotchi-style pet), KAIROS (always-on proactive assistant), ULTRAPLAN (30-min remote orchestration), Undercover Mode, and internal model codenames (Tengu, Fennec).
• How an AI Reads the Web: A Deep Dive into Claude Code’s WebFetchTool — Single-subsystem deep dive: WebFetchTool. Covers domain whitelisting, server-side blacklist with 5-min cache, redirect sandboxing, Haiku-based summarization, and copyright guardrails across its 1,173-line implementation.
• Claude Code Source Leak: Production AI Architecture Patterns from 512,000 Lines — Context Compression & AutoDream. The only post that clearly breaks down the three-layer compression pipeline (MicroCompact → AutoCompact → Full Compact) and the four-phase AutoDream memory consolidation flow. Brief but information-dense.
• The Accidental Open Source: What Claude Code's Leaked Source Says About How You Should Be Using It — Practical configuration guide from leaked source. Corrects common misconceptions (CLAUDE.md is session-level not per-turn, sub-agents don't share context, 3 consecutive 529 errors trigger silent Sonnet downgrade) and walks through LSP tool setup, startup loading mechanics, and a phased configuration roadmap.
• Anthropic Claude Code Leak — Malware campaigns exploiting the leak. The first formal write-up from a major security vendor (Zscaler ThreatLabz, 4 researchers). Documents a fake "Claude Code leaked source" GitHub repo delivering Vidar v18.7 (infostealer) + GhostSocks (proxy) via a Rust dropper, with full IOCs (hashes, C2 IPs, Steam/Telegram channels). Also covers exposed attack surface and supply-chain vectors.
• Claude Code source has been available for 13 months, and nothing happened — why? — Timeline & threat model. Traces both leak incidents (2025-02 and 2026-03) and argues why source visibility doesn’t threaten the product.

More

Looking for broader coverage? See MORE.md for additional articles and news report that didn't make the curated list but may still be useful for broader context.

License

MIT for original content in this repository.
Linked articles, screenshots, quoted excerpts, and other third-party materials remain under their respective owners' terms.