Apple’s newly redesigned App Store web interface went live only hours before a developer discovered that its entire front-end source code could be downloaded. The reason: Apple forgot to disable sourcemaps in production.
The revamped App Store site includes dedicated pages for each platform, app category, and search section. But according to GitHub user rxliuli, Apple shipped the update with debugging files still accessible. These files, called sourcemaps, allow developers to trace code for debugging, but they should never be public in a live environment.
Rxliuli said they used a Chrome extension called “Save All Resources” to extract the complete front-end code from apps.apple.com. They then uploaded the archive to GitHub for “educational and research purposes.”
What the Repository Contains
The GitHub repository includes Apple’s full Svelte/TypeScript source code, state management logic, UI components, API integrations, and routing configuration. It even details folder structures for assets, shared modules, and region-specific content.
Although this incident does not pose a direct security risk, it is still a rare mistake from Apple. Disabling sourcemaps is one of the most basic steps before deploying a web project. Leaving them enabled exposes how an entire web application is structured.
Apple has not publicly commented on the leak as of now. The GitHub post notes that all code belongs to Apple Inc. and will be removed if requested. While there are no user or developer data risks, the archive offers an unusual behind-the-scenes look at Apple’s web framework and build logic.
This incident highlights how even a company known for secrecy can make simple deployment mistakes.
