Swift Package Audit: dependency health checks for Xcode-managed SwiftPM projects
Hi all, I’ve just released Swift Package Audit 1.0.0, a small CLI tool for auditing SPM dependency health in real Xcode projects.
It is aimed at projects where packages are managed through Xcode rather than only through Package.swift. It scans .xcodeproj, .xcworkspace, Package.swift and Package.resolved files, then reports issues such as:
- missing Package.resolved files
- project package references missing from resolved pins
- stale resolved pins that are no longer referenced by the project
- branch-based dependencies
- revision-based dependencies
- exact-version dependencies
- duplicate package URL forms
- suspicious identity mismatches
- check for newer package versions
It is read-only by design. It does not update packages, edit project.pbxproj or make network calls during normal scans.
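To show what several of the pin-level checks above amount to in practice, here is an added, self-contained Python illustration (not the tool's own code, which is Swift) that reads a constructed Package.resolved in the v2 layout and flags branch-based pins, bare-revision pins, identity/location mismatches and duplicate URL spellings of one repository; the `CODE identity: detail` finding format and the sample pins are my own assumptions.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample Package.resolved (v2 layout); not taken from any real project.
SAMPLE_RESOLVED = """{
  "pins" : [
    { "identity" : "swift-argument-parser", "kind" : "remoteSourceControl",
      "location" : "https://github.com/apple/swift-argument-parser.git",
      "state" : { "revision" : "aaaa", "version" : "1.2.3" } },
    { "identity" : "swift-log", "kind" : "remoteSourceControl",
      "location" : "https://github.com/apple/swift-log",
      "state" : { "branch" : "main", "revision" : "bbbb" } },
    { "identity" : "swift-log-fork", "kind" : "remoteSourceControl",
      "location" : "https://github.com/Apple/swift-log.git",
      "state" : { "revision" : "cccc" } }
  ],
  "version" : 2
}"""

def normalize_location(location: str) -> str:
    """Canonical form so https://host/org/repo.git, host/org/repo and git@host:org/repo compare equal."""
    loc = location.strip().lower()
    if loc.startswith("git@") and ":" in loc:  # scp-style git@host:org/repo -> host/org/repo
        loc = loc[4:].replace(":", "/", 1)
    parsed = urlparse(loc)  # a bare host/path has no scheme, so netloc is empty and path carries it all
    loc = (parsed.netloc + parsed.path).rstrip("/")
    return loc[:-4] if loc.endswith(".git") else loc

def expected_identity(location: str) -> str:
    """SwiftPM derives a package identity from the last path component, minus any .git suffix."""
    return normalize_location(location).rsplit("/", 1)[-1]

def audit_resolved(text: str) -> list[str]:
    """Return one 'CODE identity: detail' finding per risky pin; an empty list means clean."""
    doc, findings, by_canonical = json.loads(text), [], defaultdict(list)
    for pin in doc.get("pins", []):
        identity, location, state = pin["identity"], pin["location"], pin.get("state", {})
        by_canonical[normalize_location(location)].append(identity)
        if "branch" in state:  # floats with the branch; not reproducible across resolves
            findings.append(f"BRANCH {identity}: pinned to branch '{state['branch']}'")
        elif "version" not in state:  # bare commit: no semver range, easy to leave stale
            findings.append(f"REVISION {identity}: pinned to bare revision {state.get('revision')}")
        if expected_identity(location) != identity.lower():
            findings.append(f"IDENTITY {identity}: location {location} implies '{expected_identity(location)}'")
    for canonical, ids in by_canonical.items():
        if len(ids) > 1:  # same repository referenced under two URL spellings
            findings.append(f"DUPLICATE {canonical}: referenced as {sorted(ids)}")
    return findings
```

Run `audit_resolved(open("Package.resolved").read())` against a real file to see the same four finding kinds; the missing-file and stale-pin checks additionally need the .pbxproj package references and are not covered here.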
Install with Homebrew:
brew tap crleonard/tap
brew install swift-package-audit
Example usage:
swift-package-audit scan --path .
swift-package-audit scan --format json
swift-package-audit scan --format markdown
swift-package-audit scan --format pr-comment
swift-package-audit scan --check
The pr-comment output is intended for GitHub Actions workflows where you want dependency health feedback directly on a pull request.
GitHub repo:
I would really appreciate feedback from people with larger or messier Xcode workspaces, especially around false positives, unusual package layouts, and CI usage.