The NuGet Blog

The latest news, updates, and insights from the NuGet team

Enable repeatable package restores using a lock file
Enable repeatable package restores using a lock file
Anand Gaurav December 17, 2018 Dec 17, 2018 12/17/18
With PackageReference, NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for ...
Lock down your dependencies using configurable trust policies
Lock down your dependencies using configurable trust policies
Avatar December 5, 2018 Dec 5, 2018 12/5/18
For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing...
Improved package debugging experience with the NuGet.org symbol server
Improved package debugging experience with the NuGet.org symbol server
Karan Nandwani November 16, 2018 Nov 16, 2018 11/16/18
Starting today, you can publish symbol packages to the NuGet.org symbol server. With NuGet.org as a single service provider for libraries and symbols, package authors and consumers will have a streamlined publishing and consumption experience. With a single place for managing authentication and identity, you can be sure that both the package ...
Introducing Source Code Link for NuGet packages
Introducing Source Code Link for NuGet packages
Avatar August 27, 2018 Aug 27, 2018 08/27/18
NuGet.org now supports surfacing source code repository link for NuGet packages. This will enable package authors to surface both the project's website and the source repository using the projectUrl and the repository properties respectively instead of having to choose between the two using just the projectUrl property. The nuspec has ...
NuGet.org starts repo-signing packages
NuGet.org starts repo-signing packages
Avatar August 10, 2018 Aug 10, 2018 08/10/18
In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X....
NuGet Summer 2018 Roadmap
NuGet Summer 2018 Roadmap
Anand Gaurav July 2, 2018 Jul 2, 2018 07/2/18
This blog post provides insights into the NuGet team plans for the upcoming quarter (July - Sep 2018). In the March 2018 NuGet Spring 2018 Roadmap, we had outlined Package Signing, Organizations, Cross-platform credential provider support, Repeatable builds for PackageReference based projects, etc. as our immediate priorities. We were able to ...
Introducing signed package submissions to NuGet.org
Introducing signed package submissions to NuGet.org
Avatar May 22, 2018 May 22, 2018 05/22/18
In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any NuGet.org user to submit signed packages to NuGet.org. A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers ...
NuGet.org will only support MSA/AAD starting June 1st, 2018
NuGet.org will only support MSA/AAD starting June 1st, 2018
Anand Gaurav May 15, 2018 May 15, 2018 05/15/18
We had previously announced the deprecation of NuGet.org's home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the NuGet.org's home-grown authentication mechanism starting June 1st, 2018. This means that ...
Welcoming SymbolSource to the .NET Foundation
Welcoming SymbolSource to the .NET Foundation
Karan Nandwani May 1, 2018 May 1, 2018 05/1/18
We are excited to welcome SymbolSource.org to the .NET Foundation! SymbolSource has been providing a valuable service to the .NET Community for years with the ability to host Symbols for public NuGet packages on SymbolSource. With recent progress made in several areas, including SymbolSource being published to GitHub and NuGet.org planning a ...
Organizations on NuGet.org
Organizations on NuGet.org
Anand Gaurav April 17, 2018 Apr 17, 2018 04/17/18
We are happy to announce support for Organizations on NuGet.org. This will help businesses and open-source projects collaborate on packages using a single nuget.org identity. Why organizations? NuGet.org used to allow you to create an account and publish packages through that account with little support to manage and publish packages as a ...