NOW LET US – AI RAG SaaS Studio TP.HCM
NOW LET US
Digital Product Studio
Back to news
DEV-TOOLS...3 min read

Obfuscation is not security – AI can deobfuscate any minified JavaScript code

Share
NOW LET US Article – Obfuscation is not security – AI can deobfuscate any minified JavaScript code

The 'leak' of Anthropic's Claude Code source code reveals a critical truth: minification is not security. In the AI era, public JavaScript files can be reverse-engineered and analyzed in seconds using LLMs.

It's April 1st, but this post is not a joke.

The internet is on fire over Claude Code's (NPM CLI to be precise) "leaked" source. 512,000 lines! Feature flags! System prompts! Unreleased features! VentureBeat, Fortune, Gizmodo, The Register, Hacker News — everyone covered it. A clean-room Rust rewrite (to dodge the DMCA) hit 100K GitHub stars in nearly a day — a world record. 110K now and counting.

Here's what nobody's saying: all of that was already public! On npm. In plaintext. For years. Open unpkg.com/@anthropic-ai/claude-code/cli.js right now — that's the entire Claude Code CLI, one click away, readable in your browser. No leak required.

What "leaked" was a source map file that added internal developer comments on top of code that was never protected in the first place, plus a directory/source structure.

What Actually Happened

A .map source map file — meant for internal debugging — was accidentally included in version 2.1.88 of the @anthropic-ai/claude-code package on npm. Security researcher Chaofan Shou spotted it, posted on X, and the internet did the rest.

Anthropic confirmed the mistake: "This was a release packaging issue caused by human error, not a security breach." The package was pulled, but by then it had already been mirrored everywhere.

The funny part? This is the second time. A nearly identical source map leak happened in February 2025. Same product, same mistake, thirteen months apart.

The Internet Lost Its Mind — In One Day

What happened next was genuinely impressive. In a single day:

  • Code dumps appeared on GitHub — like nirholas/claude-code, which was DMCA'd by Anthropic within hours but not before being forked hundreds of times.
  • Claw Code — a full Rust rewrite of the Claude Code architecture — hit 50,000 GitHub stars in 2 hours, making it the fastest repo in history to reach that milestone. It's now being actively developed as an open-source AI coding agent framework.
  • ccleaks.com popped up — a fully designed breakdown site cataloging every unreleased feature, hidden command, and build flag found in the source. Complete with shareable cards for discoveries like "BUDDY" (an AI companion pet), "ULTRAPLAN" (30-minute remote planning mode), and 44 other feature flags.

But the Code Was Already There

Here's what most of the coverage missed: Claude Code ships as a single bundled JavaScript filecli.js — distributed via npm. It's 13MB, 16,824 lines of JavaScript. And it's been sitting there, publicly accessible, since the product launched.

We analyzed this file at AfterPack as part of a deobfuscation case study. What we found: it's minified, not obfuscated.

Minification — what every bundler (esbuild, Webpack, Rollup) does by default — shortens variable names and removes whitespace. It makes code smaller for shipping. It was never designed to hide anything. Obfuscation is designed to make reverse engineering computationally expensive. Claude Code has the first. Zero of the second.

All 148,000+ string literals sit in plaintext. Every system prompt, every tool description, every behavioral instruction — right there in the JavaScript, readable with a text editor. No source maps needed.

We Asked Claude to Deobfuscate Itself

Here's where it gets interesting. We didn't need source maps to extract Claude Code's internals. We asked Claude — Anthropic's own model — to analyze and deobfuscate the minified cli.js file. It worked. Extremely well.

Using a simple AST-based extraction script, we parsed the full 13MB file in 1.47 seconds and extracted 147,992 strings. After categorizing them:

  • 1,017 system prompts and instructions
  • 431 tool descriptions
  • 837 unique telemetry event names
  • 504 environment variables controlling the product's behavior
  • Hardcoded endpoints, OAuth URLs, and API keys.

LLMs are shockingly good at deobfuscation, transpilation, and structure-to-structure conversions. The source maps didn't reveal the code. The code was already revealed. Source maps just added comments and a source tree structure on top.

This Happens More Than You Think

This isn't an Anthropic-specific problem. It's an industry-wide accepted practice. We ran scanners on GitHub's own website and found email addresses, environment variable names, and internal URLs all sitting in production JavaScript and source maps, publicly accessible.

AI Makes This Urgent

Minification was never security. It's a size optimization. Variable renaming that slows down human readers is trivial for LLMs. If you ship it to the browser, AI can read it.

© 2026 Now Let Us. All rights reserved.

Source: Hacker News

Advertisement
Ad slot ready: 5887729102

More in this category

NOW LET US Related – GLM 5.2 Is Out

dev-tools

GLM 5.2 Is Out

Zhipu AI has officially released GLM-5.2, its most powerful open-source model to date, featuring a 1M context window and advanced long-horizon task capabilities. The release underscores Zhipu's commitment to open-source AI and global scientific collaboration amid rising technological restrictions.

NOW LET US Related – Treating pancreatic tumours may have revealed cancer's master switch

dev-tools

Treating pancreatic tumours may have revealed cancer's master switch

A promising new drug called daraxonrasib has shown breakthrough results in treating pancreatic cancer, doubling median survival times. This achievement could pave the way for an entirely new class of cancer treatments.

NOW LET US Related – Leaving Mozilla

dev-tools

Leaving Mozilla

A poignant and candid reflection from a 15-year Mozilla veteran upon their departure. The author highlights the leadership's missteps in trying to emulate tech giants and urges Mozilla to return to its core values: community and uniqueness.

NOW LET US Related – Shepherd's Dog: A Game by the Most Dangerous AI Model

dev-tools

Shepherd's Dog: A Game by the Most Dangerous AI Model

A developer tested Anthropic's latest, supposedly 'too dangerous' AI model by asking it to build a long-held game idea in a single shot. The model succeeded, generating a complete 2,319-line game after a 45-minute reasoning session.

NOW LET US Related – Open source AI must win

dev-tools

Open source AI must win

If artificial intelligence becomes a utility rented only from a few closed institutions, humanity loses its operational freedom. Open-source AI is a vital infrastructure for the future of our digital society.

NOW LET US Related – Statement on US government directive to suspend access to Fable 5 and Mythos 5

dev-tools

Statement on US government directive to suspend access to Fable 5 and Mythos 5

The US government has issued an export control directive forcing Anthropic to suspend all access to its Fable 5 and Mythos 5 models due to national security concerns, a move the AI safety startup strongly disputes.

EXPLORE TOPICS

Discover All Categories

Deep dive into the specific technology sectors that matter most to you.

AI Frontier

AI Frontier

Foundation models, multimodal systems, and enterprise use cases.

Agentic Systems

Agentic Systems

Task-oriented automation workflows for real operations.

SaaS Growth

SaaS Growth

CAC, LTV, retention, and growth optimization.

Dev Tools

Dev Tools

Codegen tools, next-gen IDEs, and modern dev workflows.

Cybersecurity

Cybersecurity

AI security, Zero Trust, and proactive defense.

Cloud & Infra

Cloud & Infra

Cloud Native, Edge Computing, and GPU Clusters.

Robotics

Robotics

Humanoid robots, autonomous vehicles, and smart hardware.

Startups & VC

Startups & VC

Funding trends, M&A, and the startup ecosystem.