Claude Code got leaked

The PrimeTime | 00:11:59 | Apr 1, 2026
Discusses Anthropic releasing Claude Code on npm, warnings about DMCA and terms of service, and the potential trouble for users who download or publish the code.

Claude Code leak sparks chaos: open-source exposure, security risks, and a wild tour of Tamagotchi-style features plus a troubling TOS stance.

Summary

The PrimeTime’s video digs into Anthropic’s Claude Code leak and what it reveals about modern AI tooling and risk. The host notes that Claude Code was published to npm with source maps, making the original, readable code accessible again and triggering a wave of reactions across the tech community. He argues this isn’t just a minor slip—it's a reminder that “coding has largely been solved” only if you ignore the operational blind spots behind a leak. The piece highlights the peculiar mix of retention and hubris: a company that released code twice and now faces DMCA pressure and public critique, including concerns about supply-chain vulnerabilities and exposed environment variables. The host also pokes fun at some of Claude Code’s quirks—like the “Tamagotchi” terminal buddy and the odd don’t-blow-your-cover mode—while warning that the real-world implications go beyond jokes. Security concerns loom large, with examples of misconfigured commands that could reveal secrets and enable abuse. Throughout, he ties the incident to larger debates about licensing, terms of service, and what constitutes a “competing product.” The video closes with reflections on whether the leak could spur open-source improvements or simply deepen mistrust around Anthropic’s handling of its own codebase. Overall, The PrimeTime uses the Claude Code episode to question how safely we can deploy powerful AI when governance and process lag behind capability.

Key Takeaways

  • Claude Code’s public exposure came via npm with source maps, meaning the full, original source and long names were effectively recoverable.
  • Anthropic’s history here includes a prior DMCA sweep on GitHub after a similar leak, signaling ongoing risk to both users and repositories.
  • Security and privacy risks are real: a leaked MCP command example can reveal secrets in environment blocks and potentially expose AWS or Gemini credentials.
  • The incident highlights supply chain and deployment risks, including a public-facing build pipeline and a “rookie mistake” around production source maps.
  • Claude Code includes protected strings and internal safety guidance (e.g., embedded safety strings and notes to contact the safety team), which complicates the separation between internal policy and public access.
  • Anthropic’s terms of service claim that Claude cannot be used to build a competing product, a rule that raises questions about ambiguity and enforcement in real-world projects.
  • The leak becomes a catalyst for debate on open-source ethics, safety, and the balance between rapid innovation and responsible disclosure.
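A pre-publish check for the source-map exposure described in the takeaways above, as an added example that is not code from the video, from Anthropic, or from Bun. The function names and the in-memory sample package are hypothetical and constructed for illustration; the check flags shipped `.map` files, inline maps, and `sourceMappingURL` references, and counts how many original sources are embedded via `sourcesContent`.

```javascript
// Added example: pre-publish audit for source maps (all names are hypothetical).
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/;
const INLINE_MAP = /^data:application\/json[^,]*;base64,/;
function parseJson(text) {
  try { return JSON.parse(text); } catch (e) { return null; }
}
// Number of original source files whose full text is embedded in a map.
function embeddedSources(map) {
  if (!map || !Array.isArray(map.sourcesContent)) return 0;
  return map.sourcesContent.filter((s) => typeof s === 'string' && s.length > 0).length;
}

// files: { "relative/path": "content" } for everything that would be published.
function auditSourceMaps(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      findings.push({ path, kind: 'map-file', embedded: embeddedSources(parseJson(content)) });
      continue;
    }
    if (!/\.[cm]?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(content);
    if (!m) continue;
    const inline = INLINE_MAP.exec(m[1]);
    if (inline) {
      // Inline maps carry the whole map (and possibly the sources) inside the JS file.
      const json = Buffer.from(m[1].slice(inline[0].length), 'base64').toString('utf8');
      findings.push({ path, kind: 'inline-map', embedded: embeddedSources(parseJson(json)) });
    } else {
      findings.push({ path, kind: 'map-reference', target: m[1], embedded: 0 });
    }
  }
  return findings;
}

// Publish gate: any shipped map, inline map or map reference blocks the release.
function shouldBlockPublish(files) {
  return auditSourceMaps(files).length > 0;
}

// Constructed sample package: one external map, one inline map, one clean file.
const sampleMap = JSON.stringify({
  version: 3, file: 'cli.js', sources: ['../src/cli.ts'], mappings: 'AAAA',
  sourcesContent: ['export function main() { /* readable original */ }'],
});
const samplePackage = {
  'package.json': '{"name":"example-cli","version":"1.0.0"}',
  'dist/cli.js': 'function a(){}\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': sampleMap,
  'dist/util.mjs': 'export const b=1;\n//# sourceMappingURL=data:application/json;base64,' +
    Buffer.from(sampleMap).toString('base64') + '\n',
  'dist/clean.js': 'function c(){}\n',
};
console.log(auditSourceMaps(samplePackage));
```

In a real pipeline the `files` object would be built from the contents of the tarball that is about to be published, and the job would fail whenever `shouldBlockPublish` returns true.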

Who Is This For?

Essential viewing for ML/AI engineers, security professionals, and product teams relying on or evaluating Claude Code and similar large-language-model tooling. It highlights the practical risks of publishing model code and the broader implications for licensing and governance.

Notable Quotes

"Coding has largely been solved. Well, I mean, it's been largely solved thanks to Anthropic for releasing open source all of Claude Code again."
Opening framing of the leak as a solvable problem because of open-sourcing Claude Code.
"you will be violating their terms of service. And let's just face it, their terms of service super important. Oh, your little GPL license. Yeah, that doesn't matter."
Host downplays licenses in a provocative dig at terms of service versus code openness.
"Don't mention anything internally. Don't do co-authored by lines or any other attribution."
Direct quote used to illustrate the don’t-blow-your-cover mode and internal policy friction.
"This feels kind of like a rookie mistake, right?"
Commentary on how production source maps got exposed.
"There’s something so hilarious about a company that just literally has access to a model that can determine sentiment and they're just like, 'Yeah, we can't use that.'"
Critique of internal safety tooling choices versus capabilities.

Questions This Video Answers

  • How did Claude Code end up leaked to npm with source maps?
  • What are the security risks of publishing model source code publicly?
  • Can Claude Code's terms of service be considered enforceable against developers building competing tools?
  • What lessons can teams learn about source control and build pipelines from Anthropic's Claude Code incident?
  • What does the term 'don’t blow your cover mode' mean in the Claude Code leak context?
Full Transcript
Coding has largely been solved. Well, I mean, it's been largely solved thanks to Anthropic for releasing open source all of Claude Code again. Yes, this is actually the second time that Anthropic just published all of it. Now, the last time they did that, they went through and DMCA'd all these people on GitHub. So, just as a warning, if you happen to have their code this time, you might find yourself in a little bit of trouble. And I would probably recommend not publishing it on GitHub or downloading it because you will be violating their terms of service. And let's just face it, their terms of service super important. Oh, your little GPL license. Yeah, that doesn't matter. They get to use that for training, idiot. All right. So, what actually ended up happening is that Anthropic with Claude Code published to npm all of it. All the source maps. And if you don't know what a source map is, it effectively allows you to have minified JavaScript. And then if you apply the source map, it can translate the minified JavaScript back into the original structure of the code. That means 100% of the code with all of its long names, everything that you could possibly want is available on npm. My assumption is it's already been taken down at this point, but nonetheless, Claude accidentally published it all and people have been having a heyday. There is some really, really, really funny things. There's some things that are less so funny and also it showed that Anthropic is susceptible to the Axios supply chain attack as well. So probably the first thing you're thinking is how in the world would Anthropic make this mistake? I mean this feels kind of like a rookie mistake, right? Well, you remember that one time they acquired a JavaScript runtime? You remember? You remember that time a little bit back ago?
Well, it turns out 3 weeks ago, a guy named Jake G, hey, pour one out for Jake G, opens up a ticket that says, "Bun's front-end development server source maps incorrectly served when in production." 3 weeks ago, GitHub Actions, hey, this is probably a duplicate issue found via Claude Code. O like, oh my gosh, you just can't make this stuff up. 3 weeks ago, this is a duplicate. 2 weeks ago, more Hey, by the way, it's still running. 4 hours ago. Is this the cause of Anthropic's embarrassing Claude Code source leak? H I wonder why they haven't addressed the issue. They already got paid. Oh my gosh. Then of course from there on out it's just been no everybody just dunking on that. Poor Dario. Okay, can we just pour Can we just pour one out for poor Dario? Right now he's probably making a very painful face and realizing that the safety of the world might be compromised if Claude Code's code is still available publicly. Now, I'm not going to actually show any of the actual code, but I will go over some Twitter screenshots. Now, there is a small chance I'm going to get hit with one of them DMCA takedowns because of this. And if they do, brothers, we're making a video. Okay, we're we're going to we're going to milk that. But first, a word from our sponsors. All right. Hey, hiring engineers is broken right now. AI resumes, fake profiles, and senior devs who don't even use Vim. G2I fixes that. Not the Vim part, the hiring part. Because they have pre-vetted 8,000 plus engineers through real technical interviews. So, you can review quality candidates in days, not months. And I've talked about G2I before for backend and front-end roles. But if you're also interested in AI roles, G2I needs to be the first place you go and check out. Get a 7-day trial plus $1,500 off using my code. Visit g2i.co/prime. But hold on, there's more. You know, I love React Miami, right?
Well, now there's another conference called AI Engineer that's going to take place also in Miami, right next to React Miami. So, if you don't want to have skill issues like I have with AI, you need to go to the conference. Use code Prime50 off for 50 off and I'll see you in Miami. And let's pretend you owned say a multi-billion potentially trillion dollar company and which had the world's most sophisticated AI of all time. How would you say determine sentiment of a prompt? Now, if you would have guessed a hard-coded regex that determines if you said the word damn or not, then you are 100% correct because that's what Claude Code does. Look at this. This is on Twitter right here. This is what they actually do. If you if you say the word horrible or dumbass, awful or piss, pissed, pissing, piece of [ __ ] crap, junk, what the [ __ ] Hell [ __ ] broken, useless, terrible, awful, horrible. [ __ ] you. Screw this. you. So frustrating. This sucks. Damn it. That's a negative pattern right there. Okay, that means you're having some negative patterns. There's just something so funny about a company that just literally has access to a model that can determine sentiment and they're just like, "Yeah, we can't use that. That's like that's impossible. We're we're going to use a 2005's white list." Fellas, come on. Coding has largely been solved because this style of problem solving, it's been around for decades. Have you ever wondered how Claude Code does its skills? Well, it turns out there's some very great great ones inside the repo, including cyber risk instructions, which is just one long embedded string with a comment saying, "Hey, if you're going to modify this, you first need to go reach out to David or Kyla. Hey, no screwing around, okay? The safety team has hand artisanally crafted this string, and if you mess it up, you mess it up for everybody."
I would have at least thought that these things would have been like server side, you know, so that way no one can mess with this. Just like, no, actually it's kind of, you know, it's off limit so you can't touch it, blah blah blah. No, no, it's just, it's just literally right there. Also, something that kind of felt really disappointing: they are actually building a buddy like a Tamagotchi inside the terminal. Apparently this is going to be released April 1st through the 7th and then maybe even long term, just out there ad infinitum, so that way you can have like a little terminal buddy. This is honestly like an AI lab boooo. Okay, you got to collect out all these buddies and you just might, if you are lucky, you could possibly get a legendary Cosmos Hail or a Nebu Lynx. They also have a shiny chance. So, you like this is just full-on Pokemon cards. They're just creating Pokemon tradable cards inside of Claude Code. This is or really I mean it's not even Pokemon cards. What am I saying? This is This feels closer to NFTs. They're actually creating NFTs right now. Somebody on the marketing team at Claude was like, "You know what? We need we need more Tamagotchis." Okay, that's what I love as an elder millennial. That that speaks to my soul and I assume everybody using our product is an elder millennial just like me. So, a Tamagotchi, we're going to get some max plans out of that. Also, they have this weird don't blow your cover mode. So, if you are an Anthropic employee poking around in a public repo, it has all these rules like, hey, you're not supposed to say that you're Claude Code or mention that you are an AI anywhere at any point. Don't mention anything internally. Don't do co-authored by lines or any other attribution. It just seems weird, right? So any Anthropic employee is not allowed to be caught using Claude Code in public. Like what is it? What why is that a bad thing? Also, why are you hiding? Hiding it just somehow makes it be like, oh yeah, yeah, look at that.
Wow, Anthropic employee using Claude Code. Crazy. And instead, it's just like Anthropic's trying to hide them. Why? What are you doing? Are you doing something naughty? It honestly just makes you sound like a bad guy. Again, Dario, you're being a bad guy. You don't have to be a bad guy. Just quit doing things that just feel slimy. But on a more serious note, something that I think is pretty important to kind of talk about is that whenever these type of things happen where a bunch of source code gets leaked that was meant to be hidden and there's 500,000 lines of source code apparently spread over 1,900 files, there's just going to be bugs and security issues that would normally be very hard to discover, now are just fully available. People are in fact going to figure out how to take like advantage of you. There's already people kind of starting to find stuff and luckily they're making it publicly available, but there's a bunch of people that are going to be holding on to things that you won't know about. Like this one right here, the MCP command is wild. Run claude mcp get name and it happily spits out MCP server URLs, headers, OAuth hints, and for standard input output servers, the entire environment block. If your envir contain secrets, they get printed straight to your terminal. Whoopsies. I don't know how this can be used, but at some point this will be used to and you will be had. Okay, your sweet AWS credentials for your company, yeah, there's going to be a lot of Kiro being ran on your behalf. Now granted, Kiro can't really actually do anything besides for take down prod. So probably no honestly you're safe. You can you can leak your AWS credentials. No one no one wants that crap. But your Gemini credentials they're going to want. So I just have a sneaking suspicion that we're going to see, you know, some issues kind of arise over the next 6 months of uh just skills that can take advantage of certain internal uh setups. Because let's just face it, Claude Code is very vibe coded.
ChatGPT called it staff level spaghetti. I actually don't know what that means. I'm not really sure the difference between a junior level and a staff level spaghetti, but nonetheless, a company moving this fast is just going to have so many flaws. And now it's out there for people to be able to digest and actually take advantage of it. This last part is going to be I I would say just a bigger a bigger general warning for using Claude just in general, which is that they have a terms of service saying that you cannot use Claude to build a competing product. Now, this can get a little bit confusing cuz what does it mean a competing product? Well, what if you're building an always on bot? Is that competing with Chyros, the always on Claude? Maybe you're building some sort of remote planning sessions. Is that competing against Claude? Maybe you're coming up with some nice ways to be able to do some kind of system caching of memory so that users can have more of a persistent feeling session going on. Or maybe you're just working on multi-agent orchestration mode. Well, all of these Claude's also working on and perhaps if you get just successful enough, you might be deemed a competing product. Don't forget there's been a long history of companies abusing this and I am completely convinced that Anthropic does not like its user base. You guys are all safety liabilities. Okay, I'm not going to say this is going to happen, but I also wouldn't be surprised if it did. There's something so hilarious about the idea that Anthropic accidentally releases all of its source code and then it's just like, hey, you can't look at that. That's actually illegal. You're not allowed to look at that. Yeah, sure. We used all of yours and likely used all of your, you know, regardless of the type of license you put on there.
We definitely took all of that, used all of it, have approximately somewhere between 85 to 95% of it perfectly stored within our weights and can be actively recalled like we did with the sorcerer stone or the philosopher stone with Harry Potter. But hey, that hey, that doesn't count as bad. But if you take our code, then we're going to sue you. We're going to come after you because we are the correct ones. We are the holy ones. Like I just, A, it's hilarious that they do it, but B, it just I just it just makes me hate them so much more. There's something about Anthropic that just every time I hear this guy talk, I think he it just seems like he's becoming a super villain over and over. It's like he's a super villain in training. I always thought it was going to be Sammy Samboy Almond that was the super villain in training. I am now convinced it's Dario. Bro's out here villain maxing and it just makes me feel uncomfortable. But perhaps the best outcome of this whole source code being leaked is the fact that someone was able to make a PR to Claude Code to help them open source. And even better, the PR was generated with Claude Code. You actually can't ask for something funnier. All right, this might be the longest video I've ever recorded, so I don't know. I'm I'm I'm sorry. Or you're welcome. A jen.
