Purpose
Manage SPM dependencies safely: check for updates, audit for issues, and add packages with verification.
Arguments
- •
--check— Check for outdated packages (default if no args) - •
--audit— Check for known security issues - •
--update— Update to latest compatible versions with test verification - •
--add <package>— Add a new package (URL or shorthand)
Workflow
Check (--check)
- •Parse
Package.swiftorPackage.resolved - •Query package registries for latest versions
- •Report packages with updates available
- •Categorize: minor, major
Audit (--audit)
- •Check dependencies against known vulnerability databases
- •Report any security advisories
- •Suggest updates or alternatives
Update (--update)
- •Show packages to update
- •Ask for approval
- •Update:
swift package update - •Build to verify:
xcodebuild build - •Run tests:
xcodebuild test - •If tests pass, report success
- •If tests fail, rollback and report
Add (--add)
- •Validate package URL or resolve shorthand
- •Add to
Package.swiftor via Xcode - •Resolve dependencies
- •Build to verify
- •Report usage instructions
Package shorthands
Common packages can be added by name:
- •
alamofire→https://github.com/Alamofire/Alamofire.git - •
kingfisher→https://github.com/onevcat/Kingfisher.git - •
swiftyjson→https://github.com/SwiftyJSON/SwiftyJSON.git - •
snapkit→https://github.com/SnapKit/SnapKit.git
For universal safety rules and update priority order, see /shared-deps-safety. iOS addition: prefer exact versions for production.
Output
Check output
code
Package dependencies: Up to date: - swift-argument-parser 1.2.3 Updates available: - Alamofire: 5.8.0 → 5.9.1 (minor) - Kingfisher: 7.10.0 → 8.0.0 (major ⚠️)
Audit output
code
Security audit: No known vulnerabilities found. Recommendations: - Kingfisher: Consider updating to 8.x for iOS 17 improvements
Reference
For SPM commands and common packages, see reference/ios-deps-reference.md