Apple’s New Web-Based App Store Front-End Code Fully Exposed Due to Oversight in Key Configuration
6 days ago
Author: Editor

Just hours after Apple rolled out its new web-based App Store, a misconfiguration exposed the site’s complete front-end source code. The web version (accessible at apps.apple.com) lets users of non-Apple devices browse and share apps. A user identified as rxliuli accessed the code and subsequently published it on GitHub.

The security lapse stemmed from Apple’s failure to disable source maps in the production environment when it deployed the new website. Source maps should normally be turned off at official launch to avoid inadvertently exposing source code. The leaked code covers the core front-end components of the App Store, yet industry experts suggest that the actual impact of this breach is relatively limited.
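A pre-deployment check for the misconfiguration described above, as an added example (not code from Apple or from this article): it walks a build output directory and reports shipped `.map` files, bundles that reference a map, and, going slightly beyond the article's case, inline `data:` maps. The `BUILD_DIR` variable and the sample file names are assumptions made for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");
// Matches a sourceMappingURL comment (JS "//#" or CSS "/*#" form) anywhere in a file.
const MAP_REF = /[#@]\s*sourceMappingURL=([^\s*'"]+)/;

// Recursively list every file under dir.
function walk(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const p = path.join(dir, e.name);
    return e.isDirectory() ? walk(p) : [p];
  });
}

// Audit a build output directory; returns [{ file, issue }] for anything that would publish a source map.
function auditBuild(dir) {
  const findings = [];
  for (const file of walk(dir)) {
    const rel = path.relative(dir, file);
    if (file.endsWith(".map")) {
      let map = null;
      try { map = JSON.parse(fs.readFileSync(file, "utf8")); } catch { /* not JSON */ }
      const embedded = map && Array.isArray(map.sourcesContent) &&
        map.sourcesContent.some((s) => typeof s === "string");
      findings.push({ file: rel, issue: embedded
        ? "map embeds original source (sourcesContent)"
        : "map file present in deployable output" });
    } else if (/\.(m?js|css)$/.test(file)) {
      const m = MAP_REF.exec(fs.readFileSync(file, "utf8"));
      if (m) findings.push({ file: rel, issue: m[1].startsWith("data:")
        ? "inline source map (data: URI)" : `references ${m[1]}` });
    }
  }
  return findings;
}

// Constructed sample build output (hypothetical file names), so the audit runs offline.
function makeSampleBuild() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "dist-"));
  const map = { version: 3, sources: ["src/main.ts"], sourcesContent: ["export const x = 1;"], mappings: "AAAA" };
  fs.writeFileSync(path.join(dir, "app.js"), "console.log(1);\n//# sourceMappingURL=app.js.map\n");
  fs.writeFileSync(path.join(dir, "app.js.map"), JSON.stringify(map));
  fs.writeFileSync(path.join(dir, "clean.js"), "console.log(2);\n");
  return dir;
}

// BUILD_DIR is a hypothetical variable name; without it the constructed sample is audited.
const results = auditBuild(process.env.BUILD_DIR || makeSampleBuild());
results.forEach((f) => console.log(`${f.file}: ${f.issue}`));
if (process.env.BUILD_DIR && results.length) process.exitCode = 1;
```

Run as a release-pipeline step with `BUILD_DIR` pointing at the directory that gets uploaded; a non-zero exit then blocks the deploy until the maps are removed or withheld from the public origin.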

Since the leak solely involved front-end code and did not compromise any user data or expose the core back-end business logic, it does not present an immediate threat to security and privacy. Nevertheless, this incident is widely regarded as a “rare misstep” on Apple’s part, as it gives outsiders a glimpse into the technological choices and code architecture employed by Apple’s front-end development team.