Mladich Sigil
Posts

Oopsourced Claude code

03/04/2026
Typescript
News
Fuck ups
AI

So Anthropic accidentally open-sourced part of Claude yesterday.


Not intentionally, of course — this wasn’t some bold “we believe in open ecosystems” moment. It was a classic packaging mistake: publishing an npm package with source maps that pointed back to the original, unminified source. If you’ve been around JS tooling long enough, you already know where this is going.

For anyone not deep in the weeds: source maps are meant to help debugging by mapping minified code back to readable source. The problem is, if you publish them without stripping sensitive paths or sources, you’re basically handing out your internal code structure for free.

Which is… exactly what happened.

People quickly dug through the maps and reconstructed chunks of Claude’s CLI internals. Nothing catastrophic, but definitely not something you’d expect a company at that level to leak. Especially not one whose leadership has been confidently telling us that “coding is largely solved.”

Turns out, shipping a clean npm package is not.


And that’s kind of the irony here. We’re being sold this vision of “intelligence” systems that will replace developers, while the actual delivery pipeline still trips over one of the oldest footguns in the JavaScript ecosystem. Source maps leaking code isn’t some zero-day wizardry — it’s the kind of mistake mid-level devs learn to avoid after getting burned once.

The more uncomfortable angle is what we call “intelligence” in the first place. What’s being productized here isn’t understanding — it’s very powerful pattern prediction wrapped in good UX and a lot of compute. Which is useful, sure. But when the humans around it start assuming the system “has it handled,” you end up with… well, this.

A very expensive reminder that nobody actually checked what got published.

It’s not even a security failure in the dramatic sense. It’s worse in a way — it’s process drift. The boring, unglamorous parts of engineering getting less attention because the exciting parts (models, demos, benchmarks) take center stage.

And that combination — overconfidence in “intelligence” plus underinvestment in basic engineering hygiene — is how you get stupidity squared.

If there’s a takeaway here, it’s boring but real:
check what you publish, not just what you write.

Especially if your product is literally intelligence.

Oopsourced Claude code | “coding is largely solved.” lol | Alex Mladich