Currently, SwiftPM passes a -I to the directory containing all built modules, which allows any Swift code to import any module which has been built.
This is unfortunate, as it means code can easily import modules which haven't been explicitly declared as a dependency. That might frequently work but it can be the source of transient build failures or "works for me" type problems.
Instead, we should enforce that Swift code is only allowed to import modules which have been explicitly declared as dependencies. We could also let this include transitive dependencies, but I would actually prefer we require any module explicitly declare all other modules it is allowed to import.
swiftc doesn't expose a mechanism currently we can use to implement this directly. We could:
- Extend swiftc to explicitly support this.
- Build symlink trees for each target we want to build, and point the -I at that instead, to enforce what is allowed.