Anthropic's Overbroad DMCA Takedown Briefly Nuked 8,100 GitHub Repos

Eight thousand one hundred GitHub repositories went dark after Anthropic filed an overbroad DMCA takedown targeting leaked Claude Code source code on March 31, 2026. Most were restored within 24 hours, but the disruption window was long enough to take down CI pipelines, break distribution links, and freeze developer access without warning. For the retro emulation community, which relies on GitHub for source hosting, release artifacts, and compatibility database management, the incident is a pointed operational warning.

The chain of events began when a software engineer discovered that Anthropic had, seemingly by accident, included access to the source code for its Claude Code command-line application in a recent release. The mechanism was an NPM package that shipped a source map large enough to allow reconstruction of the company's proprietary TypeScript source. Developers found it almost immediately and began forking and mirroring before Anthropic could react, prompting the company to file takedown notices the same day.

That is where the scope became a problem: because the reported network contained more than 100 repositories and Anthropic asserted that most forks were equally infringing, GitHub processed the takedown against the entire network of 8,100 repositories, inclusive of the parent repository. That net swept in legitimate forks of Anthropic's own publicly released Claude Code repository.

Developer Theo (t3.gg) was among those caught in the sweep; his fork contained no leaked source code at all, only a pull request where he had edited a skill. Anthropic engineer Boris Cherny acknowledged the collateral damage, writing: "This was not intentional, we've been working with GitHub to fix it. Should be better now." A partial retraction followed on April 1, pulling back the notice against all repositories except the original and 96 forks. Anthropic retracted the bulk of the notices and GitHub restored access to the affected forks, but not before a full day of disruption landed on thousands of developers who had done nothing wrong.

For anyone maintaining an emulator, compatibility database, or BIOS tool on GitHub, this incident should register as concrete operational risk rather than abstract legal theory. Emulation repositories already carry enforcement exposure from game publishers, but the Anthropic case introduces a different threat vector: your project does not have to be the target. GitHub's DMCA process, when it receives a properly formatted complaint, may disable or remove content, and maintainers must file a counter-notice and wait out a statutory window before content can be restored. An overbroad notice from an unrelated rights holder can sweep your stable release branch into a takedown purely because it shares a fork network with something else.

The mitigation steps are not complicated, but they require acting before a notice arrives. Push a read-only mirror to a second platform; GitLab, Codeberg, and self-hosted Gitea all support automated sync and give you an independent distribution channel that survives a GitHub outage. Distribute every release artifact to an independent host alongside GitHub Releases so a disabled repo does not also kill your download links. Back up issue tracker content and wiki pages on a regular schedule, since neither is included in a standard git clone and both disappear when a repo goes dark. Maintain signed checksums for your release builds and host the manifest somewhere independently accessible, giving users a way to verify integrity from any mirror. Finally, identify your counter-notice process and a legal contact before you need them; the DMCA's restoration clock starts the moment a notice is filed, and an unprepared maintainer loses days they cannot recover.

This was Anthropic's third code leak in under a year. The emulation community has watched enough hosting platforms collapse, enforcement waves hit, and services disappear to know that "resolved in 24 hours" is the optimistic version of this story. Build for the version where it is not.