
Looks like they've made a web-app (https://pod-sources.cocoapods.org/) to check the distinct sources of a pod so you can have a fish to see if a source location url changed behind your back.

Would be good to show a list of all repositories where there are more than 1 distinct source as most people who make pods just point to their GitHub repo release page.

It's very tedious to check the impact of this without that list.



It would be possible to do this by querying the specs repo https://github.com/CocoaPods/cdn.cocoapods.org. This is what the web-app does.

I noticed that quite a few pods have more than 1 distinct source when checking the pods used by projects I have worked on. From what I could see, source changes were the result of ownership changes, GitHub account name changes, etc.

So I'm not sure how to distinguish malicious source changes from innocuous ones. Maybe it would be worthwhile to search for source changes that lasted a single release and reverted thereafter.
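A constructed example of the two checks discussed in this thread (list pods whose releases point at more than one distinct source, and flag a source that was used for a single release and then reverted). It is added here and is not code from the commenters or from CocoaPods; it parses podspec.json bodies of the shape stored in the Specs repo, and all pod names and URLs are made up.

```python
import json
from collections import defaultdict

def _spec(name, version, git_url):
    """Build a minimal podspec.json body (constructed sample data, not a real pod)."""
    return json.dumps({"name": name, "version": version,
                       "source": {"git": git_url, "tag": version}})

# Constructed sample; a real run would load each Specs/<shard>/<name>/<version>/<name>.podspec.json
SAMPLE_PODSPECS = [_spec(n, v, u) for n, v, u in [
    ("AlphaKit", "1.0.0", "https://github.com/alice/AlphaKit.git"),
    ("AlphaKit", "1.1.0", "https://github.com/alice/AlphaKit.git"),
    ("AlphaKit", "1.1.1", "https://github.com/not-alice/AlphaKit.git"),  # one-off switch
    ("AlphaKit", "1.10.0", "https://github.com/alice/AlphaKit.git"),     # back to the original
    ("BetaKit", "2.0.0", "https://github.com/bob/BetaKit.git"),
    ("BetaKit", "2.1.0", "https://github.com/bob-org/BetaKit.git"),      # rename, kept afterwards
    ("BetaKit", "2.2.0", "https://github.com/bob-org/BetaKit.git"),
    ("GammaKit", "0.1.0", "https://github.com/carol/GammaKit.git"),      # single source, never flagged
]]

def version_key(version):
    """Numeric sort key for dotted versions so 1.10.0 sorts after 1.2.0 (non-numeric parts count as 0)."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def source_url(spec):
    """Source location of a parsed podspec: git, http, svn or hg, whichever key is present."""
    src = spec.get("source", {})
    return next((src[k] for k in ("git", "http", "svn", "hg") if k in src), None)

def source_history(podspec_bodies):
    """Map pod name -> [(version, source URL)] ordered by version."""
    history = defaultdict(list)
    for body in podspec_bodies:
        spec = json.loads(body)
        history[spec["name"]].append((spec["version"], source_url(spec)))
    return {name: sorted(h, key=lambda vs: version_key(vs[0])) for name, h in history.items()}

def pods_with_multiple_sources(history):
    """Pods whose releases point at more than one distinct source location (the web-app's view)."""
    return sorted(name for name, h in history.items() if len({u for _, u in h}) > 1)

def transient_source_changes(history):
    """Releases whose source differs from the previous one and whose successor reverts to it."""
    flagged = []
    for name, h in history.items():
        for i in range(1, len(h) - 1):
            prev_url, url, next_url = h[i - 1][1], h[i][1], h[i + 1][1]
            if url != prev_url and next_url == prev_url:
                flagged.append((name, h[i][0], url))
    return sorted(flagged)
```

A permanent rename (BetaKit) shows up in the first list but not the second, which is the distinction the comment above is after; the second list is a triage queue, not proof of anything malicious.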



