Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
spm_utils
SPM utils
Hey there! This is a repo with a bunch of utility scripts for SPM compiled to a ruby gem. I really like working with SPM nowadays, but I needed to automate some things that I could reuse both on my local computer and also on the CI - maybe you want to use them too! Please remember though, that all of this is mostly work in progress (it works on my computer™) Fortunately, I accept PRs to fix anything you see that is wrong! I will be really grateful for that, actually.
Before you use the script:
- Go to your SPM project.
- Backup/commit your files.
- Clean your project if needed.
- Run
swift package generate-xcodeproj(make sure it passes) - Install this gem using
gem install spm_utils
Cleaning your project
Whenever something goes wrong with building/caching/resolving, try cleaning your project:
spm_utils clean_project
Quick fixer
See issue Quick#751 and PR swift-package-manager#955. TL;DR because of SPM, Quick can't set CLANG_ENABLE_MODULES by itself.
This script automates it for you:
spm_utils fix_quick
Swift version - update your targets to Swift 3 or 4
By running swift package generate-xcodeproj you don't necessarily get all your targets built with Swift 4 (see SR-5940). You might also want to change one of the targets to use Swift 3 or 4. This script fixes that for you. Note: You might want want to use my fork of Quick as Swift 4 is currently broken, but PR#755 is waiting for the merge :)
To use my fork of Quick fix a temporary fix:
.package(url: "https://github.com/sunshinejr/Quick.git", .branch("fix/spm_swift4"))
To update all targets to use Swift 3:
spm_utils swift 3.0
To update all targets to use Swift 4:
spm_utils swift 4.0
To update all targets to use Swift 4.2:
spm_utils swift 4.2
To update few targets to use Swift 4.2:
spm_utils swift --target Quick --target Nimble 4.2
Inhibit warnings
In CocoaPods there is an option to hide your dependencies warnings. This basically does the same thing.
To inhibit warnings for all targets
spm_utils inhibit_all_warnings
To inhibit warnings for only one target
spm_utils inhibit_all_warnings --target Nimble
To inhibit warnings for multiple targets
spm_utils inhibit_all_warnings --target Nimble --target Moya
License
MIT.
FAQs
Unknown package
We found that spm_utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Jun 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025