Anthropic made a big mistake

Anthropic accidentally published Claude Code's full source maps to npm, exposing ~500,000 lines of source code across 1,900 files. The leak revealed several embarrassing implementation details: hardcoded regex lists for sentiment detection instead of using their own AI models, safety-critical system prompt strings stored client-side with informal comments, a hidden 'don't blow your cover' mode for Anthropic employees in public repos, and an unreleased Tamagotchi-style terminal companion feature. The leak also exposed a security vulnerability where running a specific MCP command prints environment variables including secrets to the terminal. The root cause traces back to a known Bun development server bug that incorrectly served source maps in production, reported three weeks prior but unresolved. The incident raises concerns about security exploits that may emerge from the exposed codebase, and commentary criticizes Anthropic's terms of service prohibiting users from building competing products while allegedly training on open-source code without restriction.