Apple’s new web App Store accidentally exposes full front-end code on GitHub after sourcemap blunder

Apple App Store

Apple’s recent launch of its redesigned web App Store took an unexpected turn after a GitHub user managed to extract and upload the entire front-end source code of the new interface — all because Apple forgot to disable sourcemaps in its production build.

The incident unfolded just hours after the new App Store site went live, offering dedicated pages for each Apple platform, improved search, and reorganised app categories. But according to a GitHub user named rxliuli, the new web interface shipped with sourcemaps still enabled, effectively making the full codebase available through standard browser developer tools.

Using a Chrome extension, the user extracted all of the available front-end resources and uploaded them to GitHub, claiming the move was purely for “educational and research purposes.” The repository included everything from Svelte and TypeScript source files to UI components, state management logic, routing configuration, and API integration scripts.

While the leak doesn’t expose any sensitive data or security credentials, it’s still an embarrassing lapse for Apple — a company known for its obsessive control over product secrecy and software integrity. Disabling sourcemaps before public release is considered one of the most basic steps in web deployment.

The GitHub repository may not stay public for long, as Apple is likely to file a takedown request under the Digital Millennium Copyright Act (DMCA). Still, the brief exposure provided an unusual glimpse into Apple’s front-end engineering practices — particularly its use of modern frameworks like Svelte for large-scale consumer applications.

For now, the incident serves as a reminder that even companies with tight security pipelines can slip on the simplest configuration mistakes.