. Anthropic narrows Claude Code leak takedown after hitting 8,100 repos

Anthropic’s Claude Code leak is already turning into a second problem. A day after the source spill, the company’s attempt to contain it ended up hitting about 8,100 GitHub repositories, including legitimate forks of Anthropic’s own public Claude Code repo, before the notice was pulled back. 

Boris Cherny, who leads Claude Code, said on X that the overreach was accidental. Anthropic later told TechCrunch it had narrowed the notice to one repository and 96 forks, and Business Insider reported that the remaining named repo belonged to @nichxbt.

That changed the story fast. The first wave of coverage was about how Claude Code source got out. The next wave is about what happened when Anthropic tried to pull it back. Instead of closing the episode, the takedown opened up another one and dragged the company into a public fight over its own developer footprint.

Anthropic is also changing the path it wants users to take. Its release notes now show Claude Code 2.1.89, and its setup docs say npm installation is deprecated in favor of the native installer. The same docs point users to a stable channel that trails the newest releases, giving developers a slower, safer update path after a week in which the npm route became part of the story.

Also read: Anthropic wins first court fight over Trump and the Pentagon blacklist.    

The leak is creating a more practical security problem too. SOCRadar said the aftermath has already triggered typosquatting attempts using package names such as audio-capture-napi, color-diff-napi, image-processor-napi, modifiers-napi, and url-handler-napi. 

Those names matter because SOCRadar says they appear designed to mimic Claude Code’s internal private dependencies. In other words, developers experimenting with mirrored source could end up pulling public lookalikes instead of the packages the leaked code originally expected.

And by now the spread has moved well beyond mirrors of Anthropic’s original files. Reports say that developers began recreating parts of Claude Code in Python within hours of the leak, and that the Claw Code effort quickly became one of the breakout projects of the fallout. Its creators told they were trying to rebuild the architecture in a way they considered legitimate while Anthropic was still pulling copies of the original code off GitHub.

So Anthropic is dealing with more than an accidental source-code exposure now. It is dealing with a takedown that went too wide, a fresh dependency-confusion risk around the leaked ecosystem, and community rewrites that keep the architecture moving even as the company tries to lock down the original code.