{NuGet}

A dependency confusion use case

Dependency confusion basics
(the kind with no typo and no LLM package)

# NuGet

[Diagram: Build (CI/CD/Dev), Repo 1 (public), Repo 2 (private), "?"]

Talking about NuGet makes me want to rewatch Green Book...

Did you use NuGet?

So I imagine plenty of devs use NuGet without knowing it

NuGet: It's effective

Config is read at the solution, user and computer level, with an unlimited number of parent folders.

NuGet: It's effective

NuGet: It's clear

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear/>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="private" value="https://repo.private/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" allowInsecureConnections="True" />
  </packageSources>
  <packageSourceCredentials>
    <private>
      <add key="Username" value="SuperAdmin" />
      <add key="ClearTextPassword" value="MyPassword" />
    </private>
  </packageSourceCredentials>
</configuration>

NuGet: Versioning

<!-- Accepts any version 6.1 and above.
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="6.1" />
<!-- Accepts any 6.x.y version.
     Will resolve to the highest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="6.*" />
<!-- Accepts only version 6.1.0. -->
<PackageReference Include="ExamplePackage" Version="[6.1.0]" />
<!-- Accepts any version above, but not including 4.1.3. Could be
     used to guarantee a dependency with a specific bug fix. 
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="(4.1.3,)" />
<!-- Accepts any version below 5.x, which might be used to prevent pulling in a later
     version of a dependency that changed its interface. However, this form is not
     recommended because it can be difficult to determine the lowest version.
     Will resolve to the smallest acceptable stable version.
     -->
<PackageReference Include="ExamplePackage" Version="(,5.0)" />
<!-- Accepts any 1.x or 2.x version, but not 0.x or 3.x and higher.
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="[1,3)" />

<!-- Accepts 1.3.2 up to 1.4.x, but not 1.5 and higher.
     Will resolve to the smallest acceptable stable version. -->
<PackageReference Include="ExamplePackage" Version="[1.3.2,1.5)" />

What a nightmare for the people doing SBOUM

NuGet: /NuGet/Home/issues/5611


NuGet: Even System packages?


NuGet: Use case

  • Push "public" package on "internal" repo
    (no page, may be fastest)
  • Push "internal" named package on nuget
    (no page, index maybe cached)
    Slow down internal repo with some DDoS?
  • Not stable/easy to reproduce

NuGet: No change, solution?

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <!-- Define mappings by adding package patterns beneath the target source. -->
    <!-- Contoso.* packages and NuGet.Common will be restored from contoso.com,
         everything else from nuget.org. -->
    <packageSourceMapping>
        <!-- key value for <packageSource> should match key values from <packageSources> element -->
        <packageSource key="nuget.org">
            <package pattern="*" />
        </packageSource>
        <packageSource key="private">
            <package pattern="Contoso.*" />
            <package pattern="NuGet.Common" />
        </packageSource>
    </packageSourceMapping>
</configuration>

A recent feature in NuGet's life, and not used much
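
What the mapping above changes for a restore, as an added example (not code from the talk or from NuGet itself): a Python model of the pattern-precedence rule, run on a constructed config that merges the two snippets shown earlier. The function names are hypothetical, and credentials, the offline source and allowInsecureConnections are left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two snippets merged into one NuGet.Config.
CONFIG = """<configuration>
  <packageSources>
    <clear/>
    <add key="private" value="https://repo.private/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
  <packageSourceMapping>
    <packageSource key="nuget.org"><package pattern="*" /></packageSource>
    <packageSource key="private">
      <package pattern="Contoso.*" />
      <package pattern="NuGet.Common" />
    </packageSource>
  </packageSourceMapping>
</configuration>"""

def load(config_xml):
    """Return (source keys, {source key: [patterns]}) from a NuGet.Config string."""
    root = ET.fromstring(config_xml)
    sources = [a.get("key") for a in root.findall("./packageSources/add")]
    mapping = {s.get("key"): [p.get("pattern") for p in s.findall("package")]
               for s in root.findall("./packageSourceMapping/packageSource")}
    return sources, mapping

def specificity(pattern, package_id):
    """Simplified model: exact ID beats a prefix, longer prefix beats shorter, '*' is last."""
    pat, pid = pattern.lower(), package_id.lower()  # IDs compare case-insensitively
    if pat == pid:
        return float("inf")
    if pat.endswith("*") and pid.startswith(pat[:-1]):
        return len(pat) - 1
    return None  # pattern does not match this ID

def candidate_sources(config_xml, package_id):
    """Sources a restore may use for package_id; more than one leaves room for confusion."""
    sources, mapping = load(config_xml)
    if not mapping:  # no mapping section: every configured source is a candidate
        return sorted(sources)
    scored = [(specificity(p, package_id), key)
              for key, pats in mapping.items() for p in pats]
    scored = [(s, k) for s, k in scored if s is not None]
    if not scored:
        return []  # ID matches no pattern: restore fails instead of guessing
    best = max(s for s, _ in scored)
    return sorted({k for s, k in scored if s == best})
```

Running `candidate_sources` over every package ID in a project, with and without the mapping section, shows which internal names are still answerable by the public feed.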

NuGet 🐔

By Tr4l
