Just hours after Apple launched a revamped web interface for the App Store, a GitHub project was released with the site’s entire front-end source code. Here’s how that happened.
Apple forgot to disable sourcemaps in production on the new web interface for the App Store
Yesterday, Apple launched a new web interface for the App Store, complete with dedicated pages for each of its platforms, app categories, and search.
The problem is that, according to user rxliuli on GitHub, Apple accidentally shipped the new App Store with sourcemaps enabled. This allowed them to download Apple’s complete front-end codebase straight from the production site.
In the repository, rxliuli says that they used a Chrome extension to extract and save all the available resources from the web App Store, and that they decided to archive them on GitHub for educational purposes.
Here’s some of what’s included in the repository:
Complete Svelte/TypeScript source code
State management logic
UI components
API integration code
Routing configuration
What does this leak mean?
In practice, this is not a huge leak, and doesn’t immediately pose any security or privacy risks to Apple, to developers, or to users. Still, it is a rare misstep, as disabling sourcemaps in production tends to be an elementary step for such projects.
Rxliuli claims that “source code was obtained from publicly accessible resources through browser developer tools,” and that the “repository is for educational and research purposes only”. Still, it is not a far-fetched assumption to claim that its availability may not be long for this world.
So if you’re curious to take a peek under the hood of how Apple built and structured the front end of the new web App Store, you may want to do it sooner rather than later.
Accessory deals on Amazon
FTC: We use income earning auto affiliate links. More.
