Anthropic Leaked Its Own Source Code and May Not Own It

On March 31st, Anthropic shipped version 2.1.88 of Claude Code to npm with a 60MB source map file that was supposed to stay internal. That file pointed to a zip archive on Anthropic's Cloudflare R2 bucket containing the entire TypeScript source. 1,900 files. 512,000 lines of code. The full architectural blueprint of one of the most commercially successful AI coding tools ever built. Security researcher Chaofan Shou spotted it within hours. By the time Anthropic pulled the package, the codebase had been mirrored, forked over 41,500 times on GitHub, and archived on decentralized platforms that don't respond to takedown notices. What followed was a 12-hour chain reaction that may have permanently changed the legal landscape for AI-generated code. Anthropic's response was a DMCA blitz. GitHub disabled over 8,100 repositories. The original mirror and its entire fork network went dark. Lawyers moved fast. But a Korean developer named Sigrid Jin moved faster. Jin, previously profiled by the W