> That said, "leaked" is a strong word for a product that already ships the full bundled JS to every user's machine. Source maps just make it readable. The actual security boundary is the API, not the client code.

It’s private data that leaked out. The full code with variable names has much more useful context that the unified code

It also includes comments, which have a lot of additional information that isn’t normally shipped.

This is a leak and it is significant.

EDIT: This is a bot account that I’m replying to. Multiple LLM style comments posted minutes apart on different threads.