Hive Hive
Sign in
Projects
Domains
Forage
Specs
Drops

Dependecies didn’t work as expected for mono repository

GitHub issue · Open

Metadata
Source
tuist/tuist #8021
Updated
Jun 11, 2026
Domains
CLI
Details

What happened?

Two issues I found in the demo repository.

  1. At commit 4bdd623, tuist inspect implicit-imports reports false positive for canImport expressions

  2. At commit bfa8024, external dependecies are always available even not added to targets. These two targets should fail to compile due to

    • createJSONString is unavailable for App0 target
    • createKey is unavailable for App1 target

How do we reproduce it?

git clone https://github.com/mo5tone/implictImports

cd implictImports

tuist install

tuist generate

tuist inspect implicit-imports

Error log

  implicitImports git:(main)  tuist inspect implicit-imports

It might take a while if the cache is empty

The following implicit dependencies were found:

 - App1 implicitly depends on: Framework0, CryptoSwift

 - App0 implicitly depends on: SwiftyJSON, Framework1





 Error

  Fatal linting issues found



  Sorry this didn’t work. Here’s what to try next:

    If the error is actionable, address it

    If the error is not actionable, let's discuss it in the Troubleshooting & how to

   ▸ If you are very certain it's a bug, file an issue

    Check out the logs at /Users/xxx/.local/state/tuist/logs/0BEA4109-FD1A-4A72-A1AD-D4546EC67592.log

macOS version

15.6

Tuist version

4.61.2

Xcode version

16.4

Comments
D
dosubot[bot] Aug 16, 2025

Both issues you described are known limitations of Tuist’s dependency analysis in mono repositories.

For the false positives with canImport, Tuist’s inspect implicit-imports command relies on static code analysis and cannot fully understand conditional imports like #if canImport(...)—so it may report dependencies as “implicit” even when they’re only conditionally imported. This is documented as a limitation: Tuist can’t reliably detect all conditional import cases and may produce false positives in these scenarios [docs].

For external dependencies being available to all targets, the current scoping mechanism in Tuist may not fully isolate module visibility per target or project in mono repo setups, especially with SwiftPM packages. This means external modules can sometimes be imported even if not explicitly declared as dependencies, which can lead to the kind of leakage you observed. This is a known gap in how exclusivity and visibility are enforced when multiple projects coexist [docs].

The recommended approach is to always explicitly declare all dependencies for each target. If you encounter linker errors or unexpected module visibility, use .package(product:) to explicitly link the required products, and avoid relying on implicit or transitive linkage [discussion].

Let me know if you want more details on workarounds or have a specific scenario you want to dig into!

To reply, just mention @dosu.

Share context across your team and agents. Try Dosu.

Leave Feedback Learn about tuist with Dosu Add Dosu to your team

P
pepicrft Aug 18, 2025

Hey @mo5tone 👋🏼 Our feature to detect redundand import and implicit dependencies relies in static code analysis ahead of compilation. That means any language features like canImport resolved at compile-time can’t be analyze, leading to the invalid results you are seeing. Is commit bfa8024 also using compile-time capabilities?

M
mo5tone Aug 20, 2025

Hi @pepicrft Thanks for you quick response. And yes, I add CryptoSwift to App0 target and SwiftyJSON to App1 target at commit bfa8024. App0 and App1 have a shared source file named Common/Foo.swift with two functions that use these two dependencies respectively. The expected behavior is that either App0 or App1 should fail to compile.