The NuGet Blog
The latest news, updates, and insights from the NuGet team
Latest posts
OpenSSF Scorecard for .NET and the NuGet ecosystem
OpenSSF Scorecard is a tool developed by the Open Source Security Foundation (OpenSSF) that provides automated security assessments for open-source projects. The primary goal of the Scorecard project is to help developers and users determine the security posture of open-source software by generating a score based on a series of security-related checks. Using Scorecard, developers can assess the risks associated with each check and make informed decisions about accepting these risks, evaluating alternative solutions, or making improvements. Moreover, while projects can use GitHub Actions to generate a scorecar...
NuGetAudit 2.0: Elevating Security and Trust in Package Management
Introduction In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used by a project. More information about NuGet Audit, including detailed configuration options can be found on our learn website. New features are still being added, so if you haven’t read the docs recently, consider having another look, or check our release notes, to see if new features that may help you have been added. Here is a quick summary of available settings that will be available in NuGet 6.12, Visual Studio...
Building a Safer Future – How NuGet is Tackling Software Supply Chain Threats
Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It's essential to ensure the software ecosystem is secure, focusing on protecting .NET developers who design, build, and maintain the critical software we all use. As the home to one of the world's largest developer communities, NuGet is in a unique position to help improve the security of the software supply chain. In 2022, we launched several initiatives aimed at enhancing supply chain security and prioritizing the protection of developers...
Dark Mode Now Available on NuGet.org
We won’t keep you “in the dark” about this any longer… Dark Mode for NuGet.org is finally here! Your feedback has been invaluable in making this happen. We know that eye strain is a significant issue for many developers, and we're excited to offer a solution. Whether you prefer it for aesthetics or necessity, Dark Mode is here to enhance your experience. Inspired by the sleek and modern design of Fluent UI, we’re integrated a color scheme that is easy on the eyes and aligns with the aesthetics of other Microsoft products. Dark mode on NuGet.org respects your system themes settings on both Windows and Mac....
Announcing NuGet 6.10
NuGet 6.10 is included in Visual Studio 2022 and .NET 8.0 out of the box. You can also download NuGet 6.10 for Windows, macOS, and Linux as a standalone executable. In NuGet 6.10, we introduce some exciting new features and bug fixes, such as a new command, vulnerability auditing in , and improvements to cached credentials. For more information, and a detailed list of all changes, see our release notes. NuGet 6.10 Highlights New features in NuGet 6.10: command You can now run the command with , , , and sub-commands to easily configure and understand your NuGet environment. Here's a few scenarios us...
Announcing NuGet Commands in C# Dev Kit
With the April release of C# Dev Kit, you can now manage your NuGet packages directly from Visual Studio Code using the new commands in the command palette. To add a NuGet package to your project, use the command “NuGet: Add NuGet Package”. If you have more than one project in your solution, you will be asked to select which project you want to add the package to. Then you can search for packages by name. Then select the version you want to apply. Once you select a package, C# Dev Kit will add it to your project and update your project file and references. To update or remove a NuGet package from your project, u...
The NuGet.org repository signing certificate will be updated as soon as April 8th, 2024
Action required: If you validate that packages are repository signed by NuGet.org using a NuGet client policy, command, or the command, please follow these steps by April 8th, 2024 to avoid potential disruptions when installing new NuGet.org packages. If you are unsure, we have outlined steps to check if you will be impacted. Since 2018, NuGet.org has used an X.509 certificate to sign its NuGet packages. The certificate was last renewed on March 15, 2021, and is set to expire on May 15, 2024. As early as April 8th, a new certificate will replace it as the new NuGet.org repository signing certificate for NuGet ...
Refining Your Search: Introducing NuGet.org’s Compatible Framework Filters
Last year, we introduced search by target frameworks on NuGet.org, allowing you to filter your search results based on the framework(s) that a package targets. We received plenty of great feedback from you on how to make the filters more effective, and we are excited to announce that we are adding new search options that will now allow you to filter search results by a package’s “compatible” frameworks. Previously, if you wanted to search for packages matching ‘net8.0’, you would only see packages that explicitly include ‘net8.0’. Backwards compatibility is a key principle in .NET, and this means that packa...
Announcing NuGet 6.9
NuGet 6.9 is included in Visual Studio 2022 and .NET 8.0 out of the box. You can also download NuGet 6.9 for Windows, macOS, and Linux as a standalone executable. In NuGet 6.9, we introduce some exciting new features and bug fixes, such as an improved multi-targeting experience in Visual Studio and support for the 'dotnet search' command. For more information, and a detailed list of all changes, see our release notes. NuGet 6.9 Highlights New features in NuGet 6.9: Support for dotnet search command Starting with NuGet 6.9, you can now use the dotnet package search command for nuget.exe CLI experience to...