Claude Code entire source code leaked via npm missing .npmignore — 2095 HN points

March 2026: Anthropic shipped Claude Code npm package with a missing .npmignore, exposing 512k lines of TypeScript source maps. A clean-room rewrite hit 50k GitHub stars in 2 hours. GitHub DMCAed nearly all forks. Sparked massive developer debate about proprietary AI coding tool transparency and security of agent scaffolding code.

Product Idea from this Signal

A web app that tracks AI coding tool spend across Copilot, Claude Code, and Cursor, normalized per commit and per PR

6.8k ▲

GitHub Copilot's June 2026 switch from flat-rate to per-token billing caused immediate cost spikes of 10x-50x for teams, with one user burning 54% of a monthly quota on a single request and the community discussion receiving 958 downvote reactions vs 24 upvotes. Simultaneously, the Claude Code source leak exposed 512k lines of proprietary scaffolding code, triggering mass debate about AI coding tool transparency and vendor lock-in. Teams now juggle three or more AI coding tools with zero visibility into normalized spend across them, and no cross-vendor spend web app exists that ties cost to actual output like commits, PRs, and repos.

ai-coding-toolsspend-analyticsdeveloper-toolsbillingcopilotclaude-codecursorcost-visibility

Competitive1000 leadsView Opportunity →