Announcing NuGet 6.0 – Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My!
NuGet 6.0 – Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My!
NuGet 6.0 is one of many releases in our .NET unification journey. Our NuGet tooling helps developers discover new .NET packages to use for their .NET applications, while making package management easier during your daily development.
NuGet 6.0 Highlights
There are many new features in NuGet 6.0:
- Create and use .NET 6 NuGet packages with .NET 6 Support.
- Know where your packages come from with Source Mapping.
- View Package Vulnerabilities in Visual Studio.
- Configure retry & backoff behavior in NuGet Clients.
- Exclude Default File Extensions in Build Output.
- Find alternative packages with Improved Deprecation Information in Visual Studio.
- Add a package README in Visual Studio.
- Faster Solution Load & Branch Switching in Visual Studio.
.NET 6 Support
NuGet 6.0 is the first release to offer full authoring and restoring support for NuGet packages targeting .NET 6.0. You can now target the following target frameworks:
If you aren’t familiar with the .NET 6.0 targets today or what it will look like in the future, don’t forget to check out the .NET 6.0 TFM spec.
Earlier this year, many package managers became aware of dependency confusion attacks in which a user can be tricked into installing a malicious dependency instead of the one they intended to. To fortify your software supply chain against these attacks, the NuGet team has developed a new feature that allows you to map your dependencies to specific sources. Below is an example of how you can use source mapping to protect your projects.
<!-- Define a global packages folder for your repository. --> <!-- This is where installed packages will be stored locally. --> <config> <add key="globalPackagesFolder" value="globalPackagesFolder" /> </config> <!-- Define my package sources, nuget.org and contoso.com. --> <!-- `clear` ensures no additional sources are inherited from another config file. --> <packageSources> <clear /> <!-- `key` can be any identifier for your source. --> <add key="nuget.org" value="https://api.nuget.org/v3/index.json" /> <add key="contoso.com" value="https://contoso.com/packages/" /> </packageSources> <!-- Define mappings by adding package ID patterns beneath the target source. --> <!-- Contoso.* packages will be restored from contoso.com, everything else from nuget.org. --> <packageSourceMapping> <!-- key value for <packageSource> should match key values from <packageSources> element --> <packageSource key="nuget.org"> <package pattern="*" /> </packageSource> <packageSource key="contoso.com"> <package pattern="Contoso.*" /> </packageSource> </packageSourceMapping>
Package Vulnerabilities in Visual Studio
When using the NuGet Package Manager within Visual Studio, you will now see package vulnerabilities for your packages including details such as the number and severity of vulnerabilities as well as direct links to learn more about the advisories.
Retry & Backoff Behavior
There is now a
NUGET_ENABLE_EXPERIMENTAL_HTTP_RETRY flag to improve the retry & backoff behavior of NuGet clients such as increasing the maximum amount of retries and increasing the delay for a more resilient experience when encountering a weaker internet connection.
Exclude Default File Extensions
You can now use the MSBuild flag
<AllowedOutputExtensionsInPackageBuildOutputFolder> to edit the file extensions included in the build output of your package. This gives you more control over the extensions being included in your build output folder.
Improved Deprecation Information in Visual Studio
Deprecated packages in Visual Studio now include a link to the suggested alternate package to use. You can use this feature to quickly browse and install packages that are actively maintained.
Add a Package README in Visual Studio
You can now add a package README.md file directly within Visual Studio. A README helps communicate important information about your package. It is often the first item a visitor will see when visiting your package on NuGet.org. README files typically include information on:
- What the package does
- Why the package is useful
- How users can get started with the package
- Where users can get help or contribute to your package
You can read more about adding a README to your NuGet package on our blog.
Faster Solution Load & Branch Switching in Visual Studio
In Visual Studio 2022, NuGet has redefined the contract between NuGet package restore and common Visual Studio components to improve performance for large solutions by only calling restore once instead of multiple times. This improves the time it takes for background processes to complete significantly.
Install Visual Studio 2022 and let us know if you notice a faster experience when loading your large solutions or switching between branches!
NuGet 6.0 is a big release that should improve many aspects of your daily package management needs. We’ve added a bunch of new features to Visual Studio experiences, improved restore performance to solution load & branch switching, and added support to .NET 6!
We’re excited to see you use NuGet 6.0 & include it in your toolset for building amazing things with .NET.
For more details on NuGet 6.0, see our official release notes.
Your feedback is important to us. If there are any problems with this release, check our GitHub Issues and Visual Studio Developer Community for existing issues. For new issues within NuGet, please report a GitHub Issue. For general NuGet experience issues, let us know via the Report a Problem option found in your favorite IDE under
Help > Report a Problem.
The post Announcing NuGet 6.0 – Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My! appeared first on The NuGet Blog.
>>> Read the Full Story at The NuGet Blog