Anthropic Source Code Leak Triggers Mass DMCA Takedowns Across GitHub

A single missing configuration line in Anthropic's build toolchain cascaded into one of GitHub's largest accidental mass-takedowns, disabling more than 8,100 repositories and laying bare the collateral damage embedded in automated DMCA enforcement.

The chain began at approximately 4:23 AM ET on March 31, 2026, when Chaofan Shou, a Solayer Labs intern posting as @Fried_rice on X, spotted a 59.8 MB JavaScript source map in version 2.1.88 of the @anthropic-ai/claude-code npm package. A source map links minified production code to its readable source, giving any downloader a full reconstruction of the codebase. The post accumulated an estimated 16 million views. The original mirror, nirholas/claude-code, was forked more than 41,500 times; one repository hit 50,000 stars in under two hours, among the fastest accumulations in GitHub history.

The file contained approximately 512,000 lines of code across roughly 1,900 TypeScript files, including 44 internal feature flags gating more than 20 unshipped capabilities. Most discussed was KAIROS, referenced over 150 times, describing an autonomous daemon mode in which Claude would operate as a persistent background agent acting proactively without user initiation. Developers also found "Undercover Mode," a subsystem designed to prevent Claude from leaking internal codenames in open-source contributions; its system prompt reads "Do not blow your cover."

Anthropic filed DMCA takedown notices as mirrors proliferated. The company's IP counsel claimed all or most forks infringed equally; because the fork network had exceeded 100 repositories, GitHub's policy triggered a takedown of the entire network, over 8,100 repositories disabled simultaneously. That swept up repositories forked from Anthropic's own official public repo, with no connection to the leaked source, leaving developers unable to access work they had never placed in legal jeopardy.

Boris Cherny, Anthropic's head of Claude Code, acknowledged the mass takedown was accidental and filed a partial retraction on April 1, documented in GitHub's public DMCA repository, limiting enforcement to nirholas/claude-code and 96 directly implicated forks. On the original packaging failure, Cherny was direct: "Our deploy process has a few manual steps, and we didn't do one of the steps correctly." The root cause was Bun, a JavaScript toolkit Anthropic acquired at the end of 2025. Bun generates source maps by default; a bug filed 20 days before the incident had flagged source maps appearing in production releases, but the configuration to exclude them was never added. Anthropic pulled v2.1.88 entirely, skipping to 2.1.89.

The internet outpaced the lawyers. South Korean developer Sigrid Jin, known for having consumed 25 billion Claude Code tokens, published a clean-room Python rewrite called "claw-code" before sunrise; it hit 30,000 GitHub stars faster than any repository in history. Legal analysts noted clean-room rewrites fall entirely outside DMCA's reach. The code was also mirrored to Gitlawb, a decentralized platform outside DMCA's practical jurisdiction. A DC Circuit ruling from March 2025, holding that AI-generated work lacks automatic copyright protection, further complicated Anthropic's position: the company's own CEO has implied significant portions of Claude Code were written by Claude.

This was not Anthropic's first source map incident. A nearly identical leak hit an earlier Claude Code version in February 2025. The March 2026 event followed by days a separate lapse in which nearly 3,000 files, including a draft blog post about an unreleased model internally known as "Mythos" and "Capybara," were inadvertently made public. Compounding developer risk: a concurrent npm supply chain attack between 00:21 and 03:29 UTC on March 31 pushed malicious versions of the axios HTTP library (1.14.1 and 0.30.4) containing an embedded Remote Access Trojan, hitting developers who updated Claude Code during that window.

Claude Code's annualized run-rate revenue reached more than $2.5 billion as of February 2026, more than doubling since the start of the year. The gap between that commercial scale and the manual processes governing its releases is now a matter of public record.