Apple's new web store looks all spiffy, but its devs forgot to do something kinda important: Disable the sourcemaps
While this isn't exactly PC gaming news, Apple recently launched a new interface for its app store when viewed in a browser. Specifically, it makes the whole shebang work just like the Apps… err… app. Still, while it looks and works as intended, Apple's web developers forgot to do something important before making it live: disabling the sourcemaps.
This meant that someone was able to archive the source code for the site's entire frontend and stick it on GitHub (via Ruri on X). Now, I can't imagine it won't be long before this all disappears, but like AMD's accidental leak of the source code for FSR 4, once it's out on the Internet, it'll be there for good.
Apple used Svelte, but forgot to remove the sourcemap ???? https://t.co/AfsTX2zCFR pic.twitter.com/DhWkfDEkA6November 3, 2025
If you're wondering just what a sourcemap is and what the big deal is about disabling them, let me explain: Today's websites and web apps are complex affairs, and professional developers will often use a range of high-level tools to create the code for them. However, browsers work on HTML, CSS, JavaScript, etc.
So, the original code (i.e. the source code) needs to be transpiled for browsers, and for the sake of performance, the various files are often minimised and packed together to make a neat bundle that works super quickly in a browser.
A sourcemap is a file that maps the changes from the source code to the final code, so that when it comes to debugging any problems you've encountered in the end result, it's much easier to find where the issues are in the source.
Once you're happy with everything, you then just disable the sourcemap, so that the final code the browser works with is harder to trace back fully to the original source code. You don't have to do this, of course, but there are some reasons why you would want to, as explained in this blog by security firm Sentry.
In short, sourcemaps can be used to expose potential vulnerabilities, although truth be told, this is only the app store's frontend, so you're almost certainly not going to be able to prise out information about Apple, its customers, or secret hardware details. Plus, you don't really need sourcemaps to figure out the source code if you know your way around web development.
It's not a major faux pas, but you'd think that a company this size wouldn't make such a simple error. Before you rush off and see what else you can discover in Apple's new store frontend, it's worth noting that its devs have now disabled the sourcemaps. However, the full source code is still present on GitHub, so if you're an aspiring web developer, you might want to browse through it all to see how Apple does things.