The NuGet Blog

The latest news, updates, and insights from the NuGet team

Enable repeatable package restores using a lock file

With , NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for projects to produce ...

Lock down your dependencies using configurable trust policies

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing...