CocoaPods
Dependency manager for iOS/macOS/tvOS/watchOS projects — manages Objective-C and Swift library integration via Podfile. CocoaPods features: Podfile with pod declarations, pod install / pod update lifecycle, .xcworkspace generation (must use instead of .xcodeproj), Podspec for publishing libraries, private Podspec repos, versioning with semantic version constraints (~> 5.0, '>= 5.0', '= 5.0.1'), pre/post install hooks, and library source customization. While Swift Package Manager is the modern Apple-endorsed solution, CocoaPods remains widely used for legacy codebases and libraries without SPM support. Many agent iOS SDK dependencies (Firebase, Facebook, certain AI SDKs) still publish CocoaPods specs.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
CocoaPods trunk does not require code signing for pod publication — any account can publish any pod name; verify pod sources match expected GitHub repos. Pods/ directory contains third-party code; review pod licenses for agent app compliance. Private pods via git SSH have same security properties as git repository access control.
⚡ Reliability
Best When
Your iOS agent app has dependencies that don't support SPM yet (Firebase, some AI SDKs, legacy Objective-C libraries), or you're maintaining an existing Objective-C agent codebase already using CocoaPods.
Avoid When
Starting a new Swift iOS agent project where all dependencies support SPM — use Swift Package Manager exclusively to avoid .xcworkspace complexity.
Use Cases
- • Agent iOS app dependencies — Podfile with pod 'Firebase/Analytics', pod 'Alamofire', pod 'OpenAI-Swift' integrates agent SDK dependencies; pod install generates Pods/ directory and .xcworkspace for agent Xcode project
- • Agent SDK with CocoaPods distribution — create AgentSDK.podspec with name, version, source_files, dependencies; pod lib lint validates; pod trunk push publishes to CocoaPods trunk for agent SDK consumers using CocoaPods
- • Legacy agent app dependency management — existing Objective-C agent apps with CocoaPods can add Swift pod dependencies; CocoaPods handles mixed ObjC/Swift agent project dependency integration better than manual framework embedding
- • Private agent SDK via private Podspec repo — pod repo add company-specs https://github.com/company/pod-specs; pod 'InternalAgentSDK', source: 'https://github.com/company/pod-specs' distributes private agent libraries without CocoaPods trunk
- • Firebase integration for agent apps — pod 'Firebase/Analytics', pod 'Firebase/Crashlytics', pod 'Firebase/Messaging' integrates Firebase SDKs; Firebase still recommends CocoaPods as primary integration method for iOS agent apps alongside SPM
Not For
- • New Swift-only projects — Swift Package Manager is Apple's endorsed modern solution for new iOS agent projects; SPM integrates natively with Xcode without .xcworkspace complexity
- • macOS CLI tools — CocoaPods targets iOS/macOS app projects; for Swift command-line tools that are agent utilities, use Swift Package Manager
- • Pure Objective-C frameworks for SPM consumers — publishing frameworks that must support SPM consumers should use XCFramework or SPM, not CocoaPods-only distribution
Interface
Authentication
CocoaPods trunk requires authentication token from pod trunk register for publishing. Private Podspec repos use git auth (SSH or HTTPS). No auth needed for consuming public pods.
Pricing
CocoaPods is MIT licensed. CocoaPods trunk (public pod hosting) is free. Free for all use.
Agent Metadata
Known Gotchas
- ⚠ Must open .xcworkspace not .xcodeproj — pod install generates AgentApp.xcworkspace; opening AgentApp.xcodeproj after pod install causes 'Framework not found' build errors; agent developers must always open .xcworkspace; .xcworkspace should be committed to version control (not .xcodeproj's derived data)
- ⚠ Podfile.lock must be committed — Podfile.lock pins exact pod versions for reproducible agent builds; not committing Podfile.lock means pod install on different machines may resolve different versions; CI agent builds without committed Podfile.lock are non-reproducible
- ⚠ pod install vs pod update distinction — pod install respects Podfile.lock versions (reproducible); pod update fetches latest allowed versions and updates Podfile.lock; running pod update in CI accidentally upgrades agent dependencies; CI should always use pod install
- ⚠ CocoaPods Ruby version compatibility — CocoaPods is a Ruby gem; system Ruby on macOS changed in Ventura; gem install cocoapods may fail with permission errors; use rbenv or rvm to manage Ruby version for CocoaPods in agent CI; pin CocoaPods version in Gemfile for consistent agent CI behavior
- ⚠ Post-install hooks required for some pods — some pods (React Native, older Firebase) require use_frameworks! or use_modular_headers! in Podfile; missing modifier causes build errors like 'Module not found'; agent project Podfiles inherited from tutorials may be missing required hooks for newer pod versions
- ⚠ SPM and CocoaPods conflict in same project — mixing CocoaPods and Swift Package Manager in same agent Xcode project can cause duplicate symbol errors if same dependency included by both; audit agent dependencies carefully when migrating from CocoaPods to SPM incrementally; remove CocoaPods version before adding SPM version of same framework
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for CocoaPods.
Scores are editorial opinions as of 2026-03-06.