
By default, SPM downloads package code to the derived data folder. I would like to commit those packages to my project repository. Is there any way to do it?

I have some security concerns about downloading package source code every time I need to build the project on a new machine. How can I be sure that the code that SPM downloads will be exactly the same code every time? What if a package's repository is compromised and malicious code is included? When using CocoaPods I can be sure that any remote machine is building exactly the same code that I have.

chupacabra
    Does this answer your question? [Save packages downloaded by SPM into project GIT using Xcode 11](https://stackoverflow.com/questions/57819160/save-packages-downloaded-by-spm-into-project-git-using-xcode-11) – Cristik Jul 25 '22 at 05:28
    @Cristik I hoped that things had changed in the last 2 years since that question was asked. Unfortunately, it seems it is still not supported. Thank you. – chupacabra Jul 26 '22 at 22:05

0 Answers