The default path in modern Mac development is to start by adding dependencies. A networking library, a UI component kit, an analytics framework, a logging package, a reactive programming layer. Before you’ve written a single feature, your app has a dozen third-party dependencies and a five-minute clean build.
There’s another path: use nothing except what Apple ships. No SPM packages, no CocoaPods, no third-party code at all. QuietClip takes this approach, and the results speak for themselves — under 5 MB, sub-second builds, and zero supply chain surface area.
Why zero dependencies
Every dependency is a tradeoff. You gain functionality and save development time. You also gain:
- Code you haven’t read and may not understand
- A maintenance burden when the dependency updates (or stops updating)
- A build step that can fail for reasons outside your control
- A potential attack vector through supply chain compromise
For a large app — a web browser, a design tool, a database client — dependencies are unavoidable and worthwhile. But for focused utilities, the tradeoff math changes.
A dependency isn’t free. It’s a contract: you get functionality now in exchange for maintenance burden, attack surface, and build complexity forever.
What Apple frameworks provide
Apple’s first-party frameworks cover far more than most developers realize. For a typical Mac utility:
For QuietClip specifically, every feature maps to a built-in framework: SwiftUI for the panel, SwiftData for history, AppKit for the menu bar, CGEvent for paste simulation. There’s no feature that would benefit from a third-party library.
Supply chain risk
Supply chain attacks on package managers are no longer theoretical. Compromised npm packages, malicious PyPI uploads, and typosquatting attacks make headlines regularly. The Swift ecosystem isn’t immune.
When you add an SPM dependency, you’re trusting:
- The package author’s current intentions
- The package author’s future intentions
- The security of the author’s GitHub account
- Every transitive dependency the package pulls in
- The integrity of the package registry
Transitive dependencies are the hidden threat
You add one package. That package depends on three others. Those depend on five more. Your “one dependency” is actually nine packages, most of which you’ve never heard of. A compromised package deep in the tree can access your app’s process — including the pasteboard contents your clipboard manager is storing.
For an app that handles clipboard data — passwords, API keys, personal messages — minimizing the code surface that touches this data is a security imperative, not a philosophical preference.
Practical benefits
Beyond security, zero dependencies produce tangible development benefits:
Faster builds. No dependency resolution, no package fetching, no framework compilation. A clean build of QuietClip takes seconds, not minutes. Incremental builds are nearly instant.
Smaller binaries. Third-party frameworks are bundled inside your app. Each one adds to your download size. A zero-dependency app ships only your compiled code — the system frameworks are already on every Mac. QuietClip is under 5 MB.
No breaking changes from updates. Major version updates to popular packages regularly break APIs. With zero dependencies, the only breaking changes come from Apple’s SDK updates — which are annual, well-documented, and come with migration guides.
Simpler onboarding. A new developer clones the repo, opens the Xcode project, and builds. No pod install, no swift package resolve, no environment setup. It just works.
QuietClip’s entire build process is: open Xcode, press ⌘B. No package resolution, no dependency fetching, no build script phases. The project compiles in seconds and the output is under 5 MB.
The tradeoffs
Zero dependencies isn’t free. You give up:
Community solutions to common problems. Need a sophisticated date picker? A Markdown parser? An image processing pipeline? Apple’s frameworks might not have exactly what you need, and you’ll be writing it yourself.
Battle-tested edge case handling. Popular libraries have been used by thousands of apps and have had years of bug reports and fixes. Your from-scratch implementation has been tested by one app — yours.
Development speed for complex features. If your app needs something that a library does well and Apple doesn’t provide natively, building it yourself takes longer. The question is whether the long-term maintenance savings outweigh the up-front cost.
The honest answer: for a focused utility, the tradeoffs are minor. For a large, feature-rich application, they become significant. Know your app.
When it makes sense
Zero-dependency development works best for:
- Focused utilities with a clear, bounded feature set
- Privacy-sensitive apps where minimizing code surface is a feature
- Menu bar apps that need to be lightweight and fast-launching
- Apps targeting the latest macOS where Apple’s newest frameworks cover your needs
It works less well for:
- Apps that need cross-platform code sharing
- Apps with complex networking requirements (REST clients, GraphQL, WebSocket)
- Apps that need functionality Apple simply doesn’t provide (computer vision, advanced audio processing)
For QuietClip — a focused, privacy-first clipboard utility — zero dependencies was the obvious choice. Your app might be different. The important thing is to make it a deliberate decision, not a default.
Under 5 MB. Zero dependencies.
QuietClip is built entirely with Apple frameworks. Fast, small, and no supply chain risk. Free to start, $8.99 once for Pro.