Was the Claude Code leak due to a bug in Bun? Bun's founder locked the thread after denying it.

According to 1M AI News monitoring, the Claude Code source code leak incident has triggered a chain attribution. Developer jakeg raised a question under Bun's GitHub issue #28001: Claude Code is built using Bun, and Bun has a known bug (`Bun.serve()` still serves the source map file in production mode). Is this the root cause of the leak? The comment quickly received nearly a hundred emoji responses, and many developers rushed to comment.

In December 2025, Anthropic acquired Bun, with the acquisition announcement stating, "Bun is a key part of the Claude Code infrastructure expansion process," and Jarred Sumner and the team joined Anthropic as part of the acquisition. Jarred Sumner then personally responded: "This has nothing to do with Claude Code. This bug is specific to Bun's frontend development server. Claude Code is not a frontend application; it is a TUI (terminal user interface program) that does not use Bun.serve() to build a single-file executable package." He then locked the issue to prevent non-collaborators from further commenting and changed the title to emphasize "Bun's frontend development server" to avoid confusion.

The two issues are entirely different technically. Bun #28001 is a frontend server configuration bug where `Bun.serve()` still exposes the `.map` file to the browser after setting `development: false`; the Claude Code leak, on the other hand, involved an accidental inclusion of a ~60MB source map file in the v2.1.88 npm package, with Anthropic stating that it was a "packaging mistake due to human error," constituting a CI/CD build configuration error. The Bun bug, submitted since March 11, has been unresolved for three weeks since.