The following Podfile example installs the AFNetworking and CocoaLumberjack libraries: In July 2024, CocoaPods has been found to have multiple security vulnerabilities that could allow attackers to take control of unclaimed software packages and inject malicious code into applications.
These issues have since been patched, but they exposed millions of iOS and macOS apps to supply chain attacks for an estimated period of 10 years.
With the announcement of Swift Package Manager (SPM) by Apple in 2015, maintainers' ties to the project weakened, with updates driven mostly by security fixes or Xcode compatibility issues.
Despite this, CocoaPods' usage has continued due to its role in frameworks like React Native and Flutter, though many users are currently unaware of its existence or inner workings.
With Apple's SPM as its successor and declining active development, the CocoaPods team is now reassessing the project's future and maintenance approach.