The NuGet Blog

How to Scan NuGet Packages for Security Vulnerabilities

drewgilliesMarch 2, 2021Mar 2, 202103/2/21

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

State of the NuGet Ecosystem

Jiachen JiangMarch 1, 2021Mar 1, 202103/1/21

Recently, our team launched our first quarterly user survey for NuGet.org. With over 500 responses, we wanted to spend some time to share with you what we've learned in these last few months.

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

Christopher GillFebruary 25, 2021Feb 25, 202102/25/21

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

Happy 10th Birthday, NuGet!

Christopher GillJanuary 13, 2021Jan 13, 202101/13/21

NuGet 1.0 was released on January 13th, 2011 – 10 years and 4 major version releases ago. Since then, NuGet.org has grown to host a large and vibrant package ecosystem with over 230 thousand unique packages.

Custom V2 OData queries will be deprecated March 9, 2021

Jiachen JiangDecember 2, 2020Dec 2, 202012/2/20

We announced the deprecation of custom V2 OData queries (#37) last year and conducted a dry run in early November to ensure that there are no surprises for users. Going forward, we plan to bring all new features and improvements only to the newer V3 APIs. As part of this strategy, we will begin blocking select endpoints used by 3rd party ...

Getting Started With NuGet 5.8

Jon DouglasNovember 13, 2020Nov 13, 202011/13/20

NuGet 5.8 is one of many releases in our .NET unification journey. Our NuGet tooling helps developers discover new .NET packages to use for their .NET applications, while making package management easier during your daily development.

The Microsoft author signing certificate will be updated as soon as November 1st, 2020

Christopher GillOctober 22, 2020Oct 22, 202010/22/20

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

View dependent packages on NuGet.org

Christopher GillAugust 20, 2020Aug 20, 202008/20/20

We're excited to announce that you can now view dependent packages in the new Used By section on NuGet.org, yet another major improvement to the package evaluation experience!

Advanced search on NuGet.org

Mohamed Riad GahlouzAugust 7, 2020Aug 7, 202008/7/20

We are excited to announce that NuGet.org now supports one of our top customer asks - advanced search! You can now use a multitude of sorting and filtering criteria to help find the best NuGet packages for your needs!

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th

Christopher GillMay 25, 2020May 25, 202005/25/20

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...