Formats/CocoaPods

Manage CocoaPods artifacts with confidence

CocoaPods is sunsetting. Its public trunk becomes permanently read-only in December 2026, but teams with existing iOS and macOS projects built on CocoaPods will need to manage, distribute, and govern those pods for years to come. Cloudsmith gives you a private, fully-managed CocoaPods repository so your artifacts stay accessible, controlled, and secure long after the public registry goes dark.

Universal format support

Manage CocoaPods artifacts for the long haul. Cloudsmith gives your team a private, cloud-native home for every pod you depend on.

  • Use CocoaPods + 30 other formats
  • Store pods alongside Swift packages, containers, and other iOS/macOS build artifacts in one place
  • Centrally manage your software supply chain as your teams migrate away from the public CocoaPods trunk

How we support CocoaPods

Cloudsmith gives teams that still depend on CocoaPods a fully-managed private repository with the access controls, governance, and distribution speed they need to keep shipping.
    Private CocoaPods repositories
    Host your own Podspecs in a fully-managed private repository. Push and pull pods using the standard CocoaPods CLI with no changes to your toolchain.
    Global distribution with edge delivery
    Cloudsmith delivers pods from 600+ edge points of presence worldwide, keeping build times low for distributed iOS and macOS teams regardless of location.
    Governance policies
    Create and enforce policies that govern which pods are permitted in your repositories. Block specific versions, require specific metadata fields, or quarantine packages that do not meet your criteria before any team member installs them.
    Access control and authentication
    Apply granular repository permissions with a zero-trust model. Integrate with SAML/SSO, OIDC, and SCIM to manage access at scale without manual credential rotation.
    Upstream proxying and caching
    Proxy and cache the public CocoaPods CDN through Cloudsmith so your builds are insulated from upstream outages or the eventual public trunk shutdown.

Why teams choose Cloudsmith for CocoaPods

The public CocoaPods trunk is going away. Teams that stay on scattered workarounds face build fragility and compliance gaps. Cloudsmith gives you a controlled, private registry that works with your existing tooling today and stays reliable long after December 2026.
Without CloudsmithTeams rely on the public CocoaPods trunk, which is entering read-only mode in December 2026. Any pod that is not vendored or mirrored privately becomes inaccessible for updates, leaving builds fragile and teams unable to respond quickly to issues.
With CloudsmithCloudsmith proxies and caches the public CocoaPods CDN so existing builds continue without interruption. Your private pods are stored securely in Cloudsmith and remain fully accessible regardless of what happens to the public trunk.
Without CloudsmithThere is no standard way to enforce which pod versions developers install. Any version in the public registry can be pulled into a build, creating inconsistency and making it impossible to block problematic or unapproved releases across teams.
With CloudsmithCloudsmith policy rules let you block specific pod versions, require defined metadata fields, and quarantine packages that fail your criteria before any team member installs them. Governance is enforced at the registry level, not left to individual developers.
Without CloudsmithDistributed iOS and macOS teams hit slow pod install times because they are resolving dependencies directly from the public CDN. Teams in different regions experience inconsistent build performance with no way to improve or control latency.
With CloudsmithCloudsmith's 600+ edge points of presence deliver pods from the closest location to each developer and CI runner. Build times are consistent and fast for every team, wherever they are located.

Signs you're ready to switch to Cloudsmith for CocoaPods

If your team still depends on CocoaPods, the clock is ticking. Here are the signals that it is time to put a proper private registry in place.
    The public trunk shutdown is approaching
    CocoaPods trunk becomes permanently read-only in December 2026. Teams without a private mirror or proxy in place will face broken builds and no path to update pods when that switch happens.
    No control over which pod versions get installed
    If developers can pull any version from the public registry, you have no enforcement layer. Cloudsmith policies let you block unapproved versions and quarantine non-compliant packages before they reach any build.
    Slow pod installs are hurting build times
    Resolving pods directly from the public CDN introduces latency that compounds across large teams and frequent CI runs. Cloudsmith caches dependencies close to your teams and runners so installs are fast and consistent.
    Internal pods have no secure home
    Storing proprietary pods in version control or ad-hoc file shares is not a registry. Cloudsmith gives your private pods a proper home with access control, audit logs, and reliable distribution built in.
    Your iOS stack is growing beyond CocoaPods
    Teams migrating toward Swift Package Manager, or running React Native or Flutter alongside native code, need to manage multiple artifact types. Cloudsmith handles all of them in a single platform so you are not maintaining separate registries as your stack evolves.

Get started with CocoaPods on Cloudsmith

Frequently asked questions

  1. CocoaPods is entering retirement. The project has been in maintenance mode since August 2024, and the public trunk registry is scheduled to become permanently read-only on December 2, 2026. Existing projects will continue to work as long as GitHub and jsDelivr remain operational, but no new or updated pods can be published after that date. Teams should plan their private registry and migration strategy now.

  2. Yes. Existing builds that resolve pods from GitHub or the CDN will continue to work after December 2, 2026. However, you will not be able to publish new versions or update existing pods on the public trunk. A private registry like Cloudsmith lets you mirror your dependencies and host internal pods so your builds remain stable and under your control.

  3. Cloudsmith provides native CocoaPods support. You create a repository, configure your Podfile to point at your Cloudsmith source, and push pods using the standard CocoaPods CLI. Cloudsmith's documentation walks through authentication setup, pushing Podspecs, and configuring your Podfile in detail.

  4. Cloudsmith can proxy and cache the public CocoaPods CDN so your builds are insulated from any disruption to the upstream registry. You can also mirror specific pods into your private Cloudsmith repository to ensure they remain available permanently. This gives you a controlled, auditable copy of your dependencies that does not rely on third-party availability.

  5. Cloudsmith does not currently provide vulnerability scanning for CocoaPods packages. However, you can use Cloudsmith's governance policy engine to control exactly which pods and versions are permitted in your repositories. You can block specific versions, require defined metadata fields, and quarantine packages that do not meet your criteria before any team member installs them.

  6. Cloudsmith uses a zero-trust permission model. You can create public or private repositories and assign granular access rights to teams and individuals. SAML/SSO, OIDC, and SCIM integrations let you manage access through your existing identity provider, and every push and pull is captured in a full audit log.

  7. Yes. Cloudsmith supports more than 30 package formats including Swift Package Manager, Docker, npm, PyPI, and many others. You can manage CocoaPods, containers, and any other artifact types your team uses under a single account, with consistent access controls and policy enforcement across all of them.

  8. Cloudsmith's policy engine lets you define rules that run at the repository level. For CocoaPods you can block specific pod versions from being installed, require that Podspecs include defined metadata fields, or quarantine incoming packages for review before they are available to any team member. Policies are enforced automatically at the registry level.

  9. Cloudsmith routes artifact delivery through 600+ edge points of presence worldwide. Pods are served from the closest available location to each developer or CI runner, keeping pod install times fast and consistent for teams regardless of their geography.

  10. Yes, Cloudsmith is well suited for teams in transition. You can host CocoaPods and Swift Package Manager packages side by side in Cloudsmith, giving you a stable private registry throughout the migration. As your team moves pods to SPM, both artifact types remain accessible from the same platform with the same access controls and governance policies applied.

Formats

There’s more than just CocoaPods on Cloudsmith