How to privatize dependencies in Swift Package Manager?

Implementation‐only imports only prevent a dependency from being forwarded through the import statement.

// ModuleB
import CModuleA
// ModuleC
import ModuleB // Implicitly got “import CModuleA” too.
// ModuleD
@_implementationOnly import CModuleA
// ModuleE
import ModuleD // Hasn’t implicitly imported CModuleA.

At the moment, SwiftPM does nothing to enforce that import statements are also mentioned in the manifest. All dependencies—both direct and transitive—end up in the import and linker search paths, so there is currently nothing you can do about it. Adding such enforcement would be non‐trivial, since many imports originate from outside the package anyway, such as import Foundation.

5 Likes