https://github.com/itaybre/cocoapods-protected-dependencies
Protect your project from using dependencies from undesired sources
cocoapods security
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/itaybre/cocoapods-protected-dependencies
- Owner: Itaybre
- License: mit
- Created: 2021-02-16T18:58:34.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-02-16T19:17:00.000Z (almost 4 years ago)
- Last Synced: 2024-05-01T15:01:44.783Z (8 months ago)
- Topics: cocoapods, security
- Language: Ruby
- Homepage:
- Size: 8.79 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# cocoapods-protected-dependencies
Protect your project from using dependencies from undesired sources (Dependency Confusion).
## Installation
1. Add to your `Gemfile`
``` bash
gem 'cocoapods-protected-dependencies'
```
2. Add to `Podfile`
``` bash
plugin 'cocoapods-protected-dependencies'
```
3. Run
``` bash
bundle install
```
## Update
Run
``` bash
bundle update cocoapods-protected-dependencies
```
## Usage
This plugin hooks the dependency resolver, so `pod install`, `pod update`, and `pod lib lint` are all protected from using incorrect sources; no special command is needed.
The only requirement is creating a configuration file named `protected-specs.yml`.
## Configuration File Format
The configuration is an array of sources. Each source has a `name`, a `source`, and either a `regex` or a `libs` array of dependency names.
Example with regular expression:
``` yml
- name: 'My Source'
  source: [email protected]:itaybre/my_repo_specs.git
  regex: (IT|UY)*
```
This will allow any dependency from `my_repo_specs` that starts with IT or UY.

Example with array of dependencies:
``` yml
- name: 'My Source'
  source: [email protected]:itaybre/my_repo_specs.git
  libs:
    - ITDemoProject
    - UYVulnerable
```
This configuration will only allow the dependencies `ITDemoProject` and `UYVulnerable`.
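An allow-list pattern is worth testing against names it must reject before relying on it. The following is an added example, not code from the plugin: it loads a constructed config in the `protected-specs.yml` shape and reports which entries accept or reject a given pod name. Assumptions: the regex is applied as an unanchored Ruby search (the README does not say how the plugin applies it), and the `example.invalid` URLs, the `Anchored` and `Listed` entries, and the helper names are made up for illustration.

```ruby
require 'yaml'

# Constructed sample in the protected-specs.yml shape; the source URLs are
# placeholders, and only the first regex comes from the README.
SAMPLE_CONFIG = <<~'YAML'
  - name: 'My Source'
    source: https://example.invalid/my_repo_specs.git
    regex: (IT|UY)*
  - name: 'Anchored'
    source: https://example.invalid/my_repo_specs.git
    regex: \A(IT|UY)
  - name: 'Listed'
    source: https://example.invalid/my_repo_specs.git
    libs:
      - ITDemoProject
      - UYVulnerable
YAML

# Decide whether an entry accepts a pod name. Assumption: a regex is used as
# an unanchored search (Regexp#match?); `libs` entries are compared exactly.
def accepts?(entry, pod)
  return Array(entry['libs']).include?(pod) unless entry['regex']

  Regexp.new(entry['regex']).match?(pod)
end

# Names of entries that accept a pod which should have been rejected.
def too_broad(config_yaml, outsider)
  entries = YAML.safe_load(config_yaml)
  entries.select { |e| accepts?(e, outsider) }.map { |e| e['name'] }
end

# Names of entries that reject a pod which should have been accepted.
def too_narrow(config_yaml, insider)
  entries = YAML.safe_load(config_yaml)
  entries.reject { |e| accepts?(e, insider) }.map { |e| e['name'] }
end

if __FILE__ == $PROGRAM_NAME
  puts "accept 'Alamofire': #{too_broad(SAMPLE_CONFIG, 'Alamofire').inspect}"
  puts "reject 'ITDemoProject': #{too_narrow(SAMPLE_CONFIG, 'ITDemoProject').inspect}"
end
```

Under the unanchored-search assumption, `(IT|UY)*` accepts every name because `*` permits a zero-length match, while `\A(IT|UY)` accepts only names that begin with `IT` or `UY`.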