Why were Claude Code source repos removed?

What happened and why it matters

Anthropic’s accidental leak of Claude Code source code triggered a fast security and IP cleanup effort. The company used copyright takedown notices to remove copies of the leaked materials from GitHub, and the takedown wave unintentionally swept up legitimate forks that did not contain the leaked code itself.

That sequence matters for two reasons:

1) Supply-chain risk for developers using “agent” tooling. Claude Code is the kind of software that other developers build on, fork, and integrate into their own workflows. Even if the original leak was accidental, widespread distribution increases the chance that malicious or tampered versions could circulate.

2) Takedowns can create collateral damage. When large-scale removals are driven by automated processes—like repository takedowns—projects that are functionally independent can still be affected. That can disrupt legitimate engineering work and, in the process, make it harder for teams to audit what’s available in the ecosystem.

The immediate impact

After Anthropic initiated takedown requests to contain the spread, thousands of GitHub repositories were removed. However, a portion of those removals consisted of legitimate forks, showing that the containment effort was broader than the underlying leak itself.

For teams relying on coding agents and open-source integrations, the lesson is that “cleanup” actions around sensitive leaks can still ripple outward. Developers may need to revalidate dependencies, check repository provenance, and verify that copies they use have not been replaced or removed during the takedown window.