The NuGet Blog

The latest news, updates, and insights from the NuGet team

Introducing Source Code Link for NuGet packages
Introducing Source Code Link for NuGet packages
NuGet.org now supports surfacing source code repository link for NuGet packages. This will enable package authors to surface both the project's website and the source repository using the projectUrl and the repository properties respectively instead of having to choose between the two using just the projectUrl property. The nuspec has supporte
NuGet.org starts repo-signing packages
NuGet.org starts repo-signing packages
In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X.50
NuGet Summer 2018 Roadmap
NuGet Summer 2018 Roadmap
This blog post provides insights into the NuGet team plans for the upcoming quarter (July - Sep 2018). In the March 2018 NuGet Spring 2018 Roadmap, we had outlined Package Signing, Organizations, Cross-platform credential provider support, Repeatable builds for PackageReference based projects, etc. as our immediate priorities. We were able to
Introducing signed package submissions to NuGet.org
Introducing signed package submissions to NuGet.org
In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any NuGet.org user to submit signed packages to NuGet.org. A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers an
NuGet.org will only support MSA/AAD starting June 1st, 2018
NuGet.org will only support MSA/AAD starting June 1st, 2018
We had previously announced the deprecation of NuGet.org's home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the NuGet.org's home-grown authentication mechanism starting June 1st, 2018. This means that yo
Welcoming SymbolSource to the .NET Foundation
Welcoming SymbolSource to the .NET Foundation
We are excited to welcome SymbolSource.org to the .NET Foundation! SymbolSource has been providing a valuable service to the .NET Community for years with the ability to host Symbols for public NuGet packages on SymbolSource. With recent progress made in several areas, including SymbolSource being published to GitHub and NuGet.org planning a s
Organizations on NuGet.org
Organizations on NuGet.org
We are happy to announce support for Organizations on NuGet.org. This will help businesses and open-source projects collaborate on packages using a single nuget.org identity. Why organizations? NuGet.org used to allow you to create an account and publish packages through that account with little support to manage and publish packages as a te
Migrate to PackageReference with 3 clicks
Migrate to PackageReference with 3 clicks
Last year, we introduced the option to make PackageReference the default package management format for managing NuGet dependencies when installing the first NuGet package for a newly created projects. With Visual Studio Version 15.7 Preview 3, we have introduced the capability to migrate existing projects that use the packages.config format to
Incident report – NuGet.org downtime on March 22, 2018
Incident report – NuGet.org downtime on March 22, 2018
We did this blog post to report about the incident that happened on March 22, 2018. In the last couple of days we digged deeper into the incident. Here is the summary of our findings and proposed next steps. Customer Impact NuGet.org website and V2 APIs were unavailable for 2 hours on March 22, 2018 between 8:45AM - 11:30AM UTC. More than 1.
NuGet Spring 2018 Roadmap
NuGet Spring 2018 Roadmap
In August 2017, we published the NuGet Fall 2017 Roadmap where we outlined our backlog for the upcoming quarter. Since then, we’ve published specifications for these experiences on GitHub for the community to review. You have provided a ton of great feedback that has helped us ensure we deliver the right experiences. Thank you for your conti