oftentimes when auditing a dependency candidate, i am interested in knowing if the dependency will link Foundation. (or any of the other “outer core” modules such as _Concurrency, RegexBuilder, etc.)
one rudimentary method of answering this question is to do a text search of the dependency’s source code for the string import\s+Foundation. but that’s a fairly inaccurate signal, for many reasons:
- the candidate’s code might have written the Foundation import differently, for example, import struct Foundation.Data
- the candidate’s code might transitively import something that imports Foundation
- the candidate might not actually import Foundation, due to clever use of #if directives, which would produce a false positive even when the library’s author spent effort to make parts of the library available without linking Foundation.
is there a way to accurately detect if a target imports Foundation?
1 Like
Kyle-Ye (Kyle)
For linking Foundation:
- Maybe you can check the produced binary (.o / .framework) to see if there is a link to the Foundation framework.
For exposing Foundation (may use internally but do not expose it):
- Maybe you can build it to produce a swiftinterface file and check the import Foundation statement here
Also I think it may be inevitable to rely on/link to the Foundation library in some cases. Could you provide your usage or context here?
1 Like
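The swiftinterface check suggested in the reply above, as an added example that is not part of the original thread: a shell function that lists the modules a `.swiftinterface` file imports, covering the scoped form (`import struct Foundation.Data`) that a plain text search for `import\s+Foundation` misses. The function names and the sample interface are constructed for illustration, and the script assumes each import sits on its own line.

```shell
#!/bin/sh
# Added example: function names and the sample interface are constructed.

# Print each module imported by a .swiftinterface file, once, one per line.
swiftinterface_imports() {
    awk '
    /^[ \t]*\/\// { next }    # skip comment lines such as "// swift-module-flags:"
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "import") continue
            # Only attributes (@_exported ...) or access modifiers may precede "import".
            for (k = 1; k < i; k++)
                if ($k !~ /^@/ && $k !~ /^(public|package|internal|fileprivate|private)$/) next
            j = i + 1
            # Scoped form: "import struct Foundation.Data" puts a kind before the module.
            if ($j ~ /^(struct|class|enum|protocol|typealias|func|let|var)$/) j++
            split($j, parts, ".")
            if (parts[1] != "") print parts[1]
            next
        }
    }' "$1" | LC_ALL=C sort -u
}

# Exit status 0 if the interface imports the named module, 1 otherwise.
imports_module() {
    swiftinterface_imports "$1" | grep -Fxq -- "$2"
}

# Constructed sample interface, written to the given path.
write_sample_interface() {
    cat > "$1" <<'EOF'
// swift-interface-format-version: 1.0
// swift-module-flags: -module-name Candidate
import Swift
import _Concurrency
import struct Foundation.Data
@_exported import RegexBuilder
// import Dispatch
public func encode(_ bytes: [Swift.UInt8]) -> Foundation.Data
EOF
}

sample="${TMPDIR:-/tmp}/Candidate.$$.swiftinterface"
write_sample_interface "$sample"
swiftinterface_imports "$sample"
imports_module "$sample" Foundation && echo "interface imports Foundation"
rm -f "$sample"
```

This reports only what the public interface imports, which is the "exposing Foundation" case in the reply; whether the binary links Foundation is the separate check on the build product.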