Bug
@bugfender/rn-bugfender@5.0.1's podspec declares s.dependency \"React-Codegen\", but React Native 0.83+ renamed the codegen pod to ReactCodegen (no hyphen). The old name is no longer published as a local podspec by React Native, so CocoaPods falls back to the public Spec CDN — where a personal package (sjnscythe/React-Codegen v0.1.0) has been registered under that exact name and pulls source from https://github.com/sjnscythe/React-Codegen.git. That's effectively a typosquat in the dependency path. The clone has been failing in CI builds with:
```
Installing React-Codegen (0.1.0)
[!] Error installing React-Codegen
[!] /opt/homebrew/bin/git clone https://github.com/sjnscythe/React-Codegen.git ... --branch 0.1.0
fatal: unable to access '...': The requested URL returned error: 500
```
Reproduction
- React Native 0.83.x (we use 0.83.4), `RCT_NEW_ARCH_ENABLED=1`.
- Fresh `pod install` on a machine without a cached `Pods/` directory.
- `@bugfender/rn-bugfender@5.0.1` in dependencies.
Affected file
`RnBugfender.podspec`, the `RCT_NEW_ARCH_ENABLED == '1'` block, line 30 in 5.0.1:
```ruby
s.dependency "React-Codegen"
```
Proposed fix
Update the new-arch dependency block to use the current pod name:
```diff
- s.dependency "React-Codegen"
- s.dependency "ReactCodegen"
```
Optionally guard with a React Native version detection if you want to keep the old name for users still on RN ≤ 0.79.
Our workaround until a fix ships
We patch the podspec via pnpm's `patchedDependencies`:
```diff
diff --git a/RnBugfender.podspec b/RnBugfender.podspec
@@ -27,7 +27,7 @@ Pod::Spec.new do |s|
"CLANG_CXX_LANGUAGE_STANDARD" => "c++17"
}
- s.dependency "React-Codegen"
- s.dependency "ReactCodegen"
s.dependency "RCTRequired"
s.dependency "RCTTypeSafety"
s.dependency "React"
```
Security note
The fact that the deprecated name resolves to a personal repo on the CocoaPods CDN is a real risk for anyone still depending on `React-Codegen` from a pre-0.83 RN. Worth flagging to maintainers and possibly to the CocoaPods team for review.
Happy to open a PR with the one-line podspec change if that's helpful.
Bug
@bugfender/rn-bugfender@5.0.1's podspec declaress.dependency \"React-Codegen\", but React Native 0.83+ renamed the codegen pod toReactCodegen(no hyphen). The old name is no longer published as a local podspec by React Native, so CocoaPods falls back to the public Spec CDN — where a personal package (sjnscythe/React-Codegenv0.1.0) has been registered under that exact name and pulls source fromhttps://github.com/sjnscythe/React-Codegen.git. That's effectively a typosquat in the dependency path. The clone has been failing in CI builds with:```
Installing React-Codegen (0.1.0)
[!] Error installing React-Codegen
[!] /opt/homebrew/bin/git clone https://github.com/sjnscythe/React-Codegen.git ... --branch 0.1.0
fatal: unable to access '...': The requested URL returned error: 500
```
Reproduction
Affected file
`RnBugfender.podspec`, the `RCT_NEW_ARCH_ENABLED == '1'` block, line 30 in 5.0.1:
```ruby
s.dependency "React-Codegen"
```
Proposed fix
Update the new-arch dependency block to use the current pod name:
```diff
```
Optionally guard with a React Native version detection if you want to keep the old name for users still on RN ≤ 0.79.
Our workaround until a fix ships
We patch the podspec via pnpm's `patchedDependencies`:
```diff
diff --git a/RnBugfender.podspec b/RnBugfender.podspec
@@ -27,7 +27,7 @@ Pod::Spec.new do |s|
"CLANG_CXX_LANGUAGE_STANDARD" => "c++17"
}
s.dependency "RCTRequired"
s.dependency "RCTTypeSafety"
s.dependency "React"
```
Security note
The fact that the deprecated name resolves to a personal repo on the CocoaPods CDN is a real risk for anyone still depending on `React-Codegen` from a pre-0.83 RN. Worth flagging to maintainers and possibly to the CocoaPods team for review.
Happy to open a PR with the one-line podspec change if that's helpful.