CocoaPods is vulnerable to duplicated Pods in Private and Public repos, this plugin provides a way to prevent a dependency from using a different source
Dependencies

Development

~> 1.3
~> 12.3

Runtime

Project Readme

cocoapods-protected-dependencies

Protect your project from using dependencies from undesired sources (Dependency Confusion).

Installation

  1. Add to your Gemfile

    gem 'cocoapods-protected-dependencies'

  2. Add to your Podfile

    plugin 'cocoapods-protected-dependencies'

  3. Run

    bundle install

Update

Run

bundle update cocoapods-protected-dependencies

Usage

This plugin hooks the dependency resolver, so pod install, pod update and pod lib lint are all protected from using incorrect sources; no special command is needed.

The only requirement is creating a configuration file named protected-specs.yml.

Configuration File Format

The configuration is an array of sources. Each entry has a name attribute, a source (the spec repository the matching dependencies must come from) and either a regex or an array of dependency names (libs).

Example with regular expression:

- name: 'My Source'
  source: git@github.com:itaybre/my_repo_specs.git
  regex: (IT|UY)*

This will allow any dependency from my_repo_specs whose name starts with IT or UY.

Example with array of dependencies:

- name: 'My Source'
  source: git@github.com:itaybre/my_repo_specs.git
  libs: 
    - ITDemoProject
    - UYVulnerable

This configuration will only allow the dependencies ITDemoProject and UYVulnerable.
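The following is an added example, not the plugin's own code, showing the check that both configuration forms above express: load a protected-specs.yml, then compare each resolved pod's name and source against the entries and report any pod whose name is claimed by a protected entry but was resolved from a different source. The YAML content and the resolved-pod list are constructed for the example; the second entry (Internal Libs, example/internal_specs.git) and the pod names ACMEAnalytics, ACMEAuth and Alamofire are assumptions, and the regex is written anchored (^(IT|UY)) because the README's (IT|UY)* also matches the empty string.

```ruby
require 'yaml'

# Constructed protected-specs.yml content for this example (not the project's own file).
# The first entry uses a regex, the second a libs array, mirroring the two README forms.
PROTECTED_SPECS_YAML = <<~YAML
  - name: 'My Source'
    source: git@github.com:itaybre/my_repo_specs.git
    regex: '^(IT|UY)'
  - name: 'Internal Libs'
    source: git@github.com:example/internal_specs.git
    libs:
      - ACMEAnalytics
      - ACMEAuth
YAML

# One protected entry: a display name, the only source allowed for matching pods,
# and a matcher lambda built from either the regex or the libs list.
ProtectedSource = Struct.new(:name, :source, :matcher) do
  def protects?(pod_name)
    matcher.call(pod_name)
  end
end

# Parse the YAML array into ProtectedSource objects. An entry must carry either
# regex or libs; anything else is a configuration error rather than a silent no-op.
def load_protected_specs(yaml_text)
  YAML.safe_load(yaml_text).map do |entry|
    matcher =
      if entry['regex']
        re = Regexp.new(entry['regex'])
        ->(pod) { re.match?(pod) }
      elsif entry['libs']
        libs = Array(entry['libs'])
        ->(pod) { libs.include?(pod) }
      else
        raise ArgumentError, "entry #{entry['name'].inspect} needs a regex or a libs list"
      end
    ProtectedSource.new(entry['name'], entry['source'], matcher)
  end
end

# resolved: array of { name:, source: } hashes as the resolver would see them.
# Returns one violation per (pod, rule) pair where a protected name was resolved
# from a source other than the one the rule permits. Unprotected pods are ignored.
def find_confused_pods(protected, resolved)
  resolved.each_with_object([]) do |pod, violations|
    protected.select { |rule| rule.protects?(pod[:name]) }.each do |rule|
      next if rule.source == pod[:source]

      violations << { pod: pod[:name], rule: rule.name,
                      expected: rule.source, actual: pod[:source] }
    end
  end
end

# Constructed resolver output: two pods that slipped over to the public CDN source.
RESOLVED_PODS = [
  { name: 'ITDemoProject', source: 'git@github.com:itaybre/my_repo_specs.git' }, # ok
  { name: 'UYVulnerable',  source: 'https://cdn.cocoapods.org/' },               # confusion
  { name: 'ACMEAuth',      source: 'https://cdn.cocoapods.org/' },               # confusion
  { name: 'Alamofire',     source: 'https://cdn.cocoapods.org/' }                # not protected
].freeze

if __FILE__ == $PROGRAM_NAME
  rules = load_protected_specs(PROTECTED_SPECS_YAML)
  find_confused_pods(rules, RESOLVED_PODS).each do |v|
    warn "#{v[:pod]}: rule '#{v[:rule]}' requires #{v[:expected]}, resolved from #{v[:actual]}"
  end
end
```

Running the script reports UYVulnerable and ACMEAuth and stays silent on the two pods that either come from the permitted source or match no rule. How the plugin itself anchors a configured regex is not stated on the page; with an unanchored match, a pattern like the README's (IT|UY)* would match every pod name, so it is worth writing the pattern anchored as above.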