I have thought about this regarding both Alcatraz for Xcode plugins as well as CocoaPods for project packages, but I think Apple will accomplish this together with Swift 3, where they seem to release a package manager.
Hardening Xcode.app doesn't fix the Xcode Ghost problem, it just forces malicious parties to move elsewhere in the toolchain. I can think of 10 different ways to inject bad code that don't involve changing Xcode. On the other hand, Xcode is now broken for me. I use 5-10 plugins from Alcatraz and Xcode 8 will suck without them.