software

SPI co-creator Dave Verwer joins Apple, says 'We will be moving away from that model completely'

The Swift Package Index (SPI), a search engine for open source packages for the Swift programming language, is now part of Apple, though it will remain open source. 

Dave Verwer, who created SPI over six years ago along with Sven A. Schmidt, said on Mastodon that "I'll be joining Apple to continue working on everything related to Swift packages."

Apple senior product manager Dave Lester said that SPI has become an "essential part of the Swift ecosystem" and referenced the intent to build a comprehensive package registry for Swift. The news follows Apple’s sponsorship of SPI back in March 2023. 

SPI is open source on GitHub under the Apache 2.0 license and Verwer, Schmidt, and Swift Core Team member Ted Kremenek said that it will remain open source and continue to operate as it does today, though they also promised accelerated development. New capabilities are promised, including package signing and identity to improve "robustness and security."

Currently anyone can add a package to SPI, and developers are reliant on metadata to judge the reliability and trustworthiness of a package. Each package in the index shows information, including the number of contributors; how long the project has been in development; the number of open issues; how many dependencies it has; the project README from GitHub; release notes; and a Use this package button, which shows how to use it from Xcode (the official Apple IDE) or using the Swift Package Manager.

On its launch in 2020, SPI contained around 2,500 packages, and now has over 11,000: significant growth, but miniscule in comparison to the likes of PyPi (Python Package Index), which has over 8 million, the main reason being the niche status of Swift outside development for Apple platforms. That said, SPI has some strong features including that it runs compatibility-testing builds against each version of every package on a range of operating systems, including macOS, iOS, WatchOS, VisionOS, Linux, Wasm, and Android. A snag is that many packages report no compatibility information along with the message "we are currently processing a large build job backlog," making the feature useless for recent releases.

A common complaint about SPI is that it only supports packages hosted on GitHub. Soon after the project launched, a user asked for GitLab support to be added. Verwer said "I would definitely like to get to it one day," but two years later admitted that "the situation has only got worse and we are more tightly coupled to GitHub than we were at the start." In May this year, another user remarked that "being attached only to GitHub is not good for the wider Swift community," but Verwer said that "this isn’t a current priority for us." 

The Apple move appears to signal a change of direction though. On Hacker News, Verwer said that "the great thing about a registry is that it doesn't care where the original source is hosted. We will be moving away from that model completely as we work towards this."

Verwer’s remark suggests that, despite the news announcement emphasizing that SPI will remain as-is for now, big changes are planned. Apple’s resources may fix issues such as long waits for build results, though developers will also be wary of the implications of a well-liked independent package index coming under the company’s full control.®