As I mentioned earlier, I want to store on a user's disk only what they actually need. I don't want a user to have a hundred unused libs and a few unused apps while they need only one app and some core libs. And I also don't want a user to have three (or four, or five, or how many apps there will be) copies of the same libs if they decide to use multiple applications. So I want to know the exact way how to do it, so I can decide is it worth it or not in my case.

Thank you for your advice, but I'd like to give it a try anyway. So I have few more questions. I've asked galad87, but he is not responding, so maybe you know the answer. I understand that I can't change .app bundles to keep signatures valid, but what about libraries? Is it enough to sign each .dylib, executable and resource file separately? If that so, then I can place in one directory like /Libraries/MyAppLibs/Versions/1.2.3/Contents/Libraries/ and so I can add or remove them without breaking anything. Or do I need to keep library package properly signed as a whole? In that case I guess I'll have to create a different package and different directory in /Libraries/ for each library. Is it correct?

Thanks. Libraries aren't that huge, but there are a lot of them and user may need only a few. I already have this mechanic on Windows, so I want to implement it on MacOS as well.

Thanks a lot! To be clear, am I to pack each library in different package and to install it in a different directory to make it work? So after installation it would be like /Libraries/MyAppLibs/MyLib1/, /Libraries/MyAppLibs/MyLib2/, etc. Now file structure looks like this /Libraries/MyAppLibs/Versions/1.2.3/Contents/Libraries/.dylib and /Libraries/MyAppLibs/Versions/1.2.3/Contents/Libraries/AdditionalLibs/Lib1/.dylib Is it possible to keep it that way? Does /Libraries/MyAppLibs/Versions/1.2.3/ itself needs to be signed or only files inside of it? Because now it is signed and modifications will break it.