Claude Code's source code was just leaked — here's what it reveals about the API

Dev.to / 3/31/2026

Key Points

  • A mistakenly included source map file in the Claude Code NPM package exposed the original unminified source code, according to a Hacker News discussion and subsequent code inspection.
  • The leaked implementation shows Claude Code reads `ANTHROPIC_BASE_URL` directly from the environment with a default fallback to `https://api.anthropic.com`, with no special validation or domain allowlisting.
  • Because it uses a standard Anthropic-style API client, setting `ANTHROPIC_BASE_URL` allows developers to route Claude Code to any Claude-compatible proxy that implements the same API spec.
  • The article argues this behavior can meaningfully affect API spending, since Claude Code can quickly burn through a $20/month Claude Pro plan depending on workload and usage across projects.
  • The leak mainly provides transparency into how the API override works, rather than introducing new functionality beyond confirming the mechanism developers suspected.

A map file accidentally shipped in Claude Code's NPM package has exposed the full source code. The Hacker News thread (133pts and climbing) exploded this morning.

I dug through it. Here's what's interesting for developers who use Claude Code in production.

What leaked

A .map file in the NPM package contained the original unminified source. Map files are meant for debugging — they map minified code back to the original. Anthropic forgot to strip them before publishing.

The result: anyone who ran npm install @anthropic-ai/claude-code got the full source.
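
A pre-publish check for the mistake described above, as an added example that is not from the article or from Anthropic's code. It walks a package directory and reports .map files (noting whether they embed original source in sourcesContent) and sourceMappingURL comments in JavaScript files; the function and file names are illustrative.

```javascript
// Added example: flag source maps in a package directory before publishing.
const fs = require('node:fs');
const path = require('node:path');

// Recursively list files under dir, skipping node_modules.
function walk(dir) {
  const out = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (entry.name === 'node_modules') continue;
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) out.push(...walk(full));
    else out.push(full);
  }
  return out;
}

// Does this .map file carry original source text in sourcesContent?
function embedsSources(file) {
  try {
    const map = JSON.parse(fs.readFileSync(file, 'utf8'));
    return Array.isArray(map.sourcesContent) &&
      map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
  } catch {
    return false; // unreadable or not JSON: still reported as a plain 'map'
  }
}

// Report every .map file and every JS file that points at (or inlines) a map.
function findSourceMaps(pkgDir) {
  const findings = [];
  for (const file of walk(pkgDir)) {
    const rel = path.relative(pkgDir, file);
    if (file.endsWith('.map')) {
      findings.push({ file: rel, kind: embedsSources(file) ? 'map-with-sources' : 'map' });
    } else if (/\.[cm]?js$/.test(file)) {
      const m = fs.readFileSync(file, 'utf8').match(/\/\/[#@]\s*sourceMappingURL=(\S+)/);
      if (m) findings.push({ file: rel, kind: m[1].startsWith('data:') ? 'inline-map' : 'map-reference' });
    }
  }
  return findings;
}

// CLI use: node check-maps.js <unpacked-package-dir>; exits 1 if anything is found.
if (require.main === module && process.argv[2]) {
  const found = findSourceMaps(process.argv[2]);
  for (const f of found) console.log(`${f.kind}\t${f.file}`);
  process.exitCode = found.length ? 1 : 0;
}
```

Run it against the directory produced by unpacking the tarball from npm pack, since that tarball is what the registry would receive.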

The ANTHROPIC_BASE_URL implementation

This is the part that caught my eye. The source confirms how Claude Code handles the ANTHROPIC_BASE_URL environment variable:

// From the leaked source (simplified)
const baseUrl = process.env.ANTHROPIC_BASE_URL || 'https://api.anthropic.com';
const client = new Anthropic({
  apiKey: process.env.ANTHROPIC_API_KEY,
  baseURL: baseUrl
});

It's a simple environment variable override. No special validation. No domain whitelist. Just: if you set it, Claude Code uses it.

This confirms what many developers already knew — you can point Claude Code at any Claude-compatible API proxy by setting one environment variable.

Why this matters for API costs

Claude Pro costs $20/month. Claude Code burns through that fast — especially if you're running it on large codebases, letting it do multi-step tasks, or using it across multiple projects.

The leaked source shows Claude Code doesn't do anything special with the Anthropic endpoint. It's a standard API client. That means any proxy that implements the Anthropic API spec works transparently.

I've been using SimplyLouie as my ANTHROPIC_BASE_URL for the past few months — $2/month flat rate, full Claude API access. The leaked source confirms there's nothing proprietary in the endpoint handling that would break compatibility.

# Set this in your shell profile
export ANTHROPIC_BASE_URL=https://simplylouie.com/api/claude
export ANTHROPIC_API_KEY=your-key-here

# Claude Code now routes through the proxy
claude "explain this codebase"

What else leaked

The permission system internals: The deny list that prevents dangerous operations (Bash(rm -rf:*) etc.) is straightforward string matching. Not regex, not semantic analysis — literal prefix matching on command strings.

This explains both why it works well for obvious cases and why creative users find edge cases:

// Deny patterns from source
"Bash(rm -rf:/)"
"Bash(git push --force:*)" 
"Bash(git reset --hard:*)"

The context window management: Claude Code chunks large files into overlapping segments to stay within context limits. The overlap size is hardcoded at 20% of the chunk size. If you've noticed it "forgetting" things at file boundaries, this is why.

The streaming implementation: Claude Code uses server-sent events (SSE) with a custom reconnection handler. If your terminal shows weird partial outputs, it's usually a dropped SSE connection.

The security angle

The map file exposure isn't itself a security vulnerability — the code runs on your local machine, not on Anthropic's servers. But it does confirm:

  1. Your API key is handled client-side — it never goes through Anthropic's web infrastructure, just directly to the configured API endpoint
  2. No telemetry in the leaked version — there's no call-home code beyond normal API calls
  3. The ANTHROPIC_BASE_URL is a full proxy — Claude Code can't distinguish between Anthropic's API and a compatible proxy, so whichever host the variable names receives the API key and every prompt, file excerpt and response sent through it

The bigger picture

The HN thread has the usual mix of "this is a nothing-burger" and "this is a big deal." The reality is somewhere in between.

For most developers, the useful takeaway is confirmation of how the API override works. For developers who want to cut their AI costs from $20/month to $2/month, the leaked source is a technical validation that the proxy approach is fully supported — it's just an environment variable.

Want to try the $2/month Claude API? simplylouie.com/developers

Free 7-day trial, no charge until day 8. The same Claude model, a fraction of the price.

Discuss the leak on HN — the thread is moving fast.