CocoaPods Is Deprecated

Summary

TLDR: In two years we plan to turn CocoaPods trunk to be read-only. At that point, no new versions or pods will be added to trunk. - Note, this post has been updated in May 2025. Last month I wrote about how CocoaPods is currently being maintained, I also noted that we were discussing converting the main CocoaPods spec repo "trunk" to be read-only: We are discussing that on a very long, multi-year, basis we can drastically simplify the security of CocoaPods trunk by converting the Specs Repo to be read-only. Infrastructure like the Specs repo and the CDN would still operate as long as GitHub and jsDelivr continue to exist, which is pretty likely to be a very long time. This will keep all existing builds working. I plan to implement the read-only mode so that when someone submits a new Podspec to CocoaPods, it will always be denied at the server level. I would then convert the "CocoaPods/Specs" repo to be marked as "Archived" on GitHub which should cover all of our bases. Making the switch will not break builds for people using CocoaPods in 2026 onwards, but at that point, you're not getting any more updates to dependencies which come though CocoaPods trunk. This shouldn't affect people who use CocoaPods with their own specs repos, or have all of their dependencies vendored (e.g. they all come from npm.) May 2025 Update: Since this post was originally written, we've had enough security researchers abusing scripting capabilities in CocoaPods that we are now introducing a block on allowing new CocoaPods to use the prepare_command field in a Podspec. Any existing Pods using prepare_command are hard-coded to bypass this check. Timeline My goal is to send 2 very hard-to-miss notifications en-masse, and then do a test run a month before the final shutdown. May 2025 We are stopping new CocoaPods from being added which use the prepare_command field Mid-late 2025 I will email all email addresses for people who have contributed a Podspec, informing them of the impending switch...