I created the feed to store private npm package there.
When I publish my private package from the project - some another public packages are published to this feed.
Can I somehow prevent publishing of public packages to the feed?
Is it ok to store public packages on the VSTS feed?
Daniel Mann is correct - you most likely have the npmjs upstream source. Because npm only supports a single registry, the upstream source is required to use both public and private packages in the same project. This is by design and recommended by the Azure Artifacts team. The "Source" column on your package list should show that these packages come from npmjs directly.
Related
I'm using the GitHub Package to host some private NuGet packages.
I notice the feed includes upstream packages (e.g. Newtonsoft.Json, EntityFramework) in my private feed. How do I exclude them?
On Azure Artifacts, as shown in this link, we can turn it off through setting But how do we do the samethe for GitHub package feed?
I have an Azure Pipelines job setup to authenticate to a private NuGet feed in Azure Artifacts, and then build my .NET project that relies on a NuGet package in the feed. However, my private package is a pretty common name. How can I ensure that it only installs that specific package from my private feed, and doesn't try to fallback to the NuGet general gallery? I do not want it to pull in an incorrect package that has the same name and version name as my private package.
Once you configure multiple sources/feeds, NuGet will look for a package in all these sources together with no guarantee of where the package will be downloaded from. However, you could make the AzDo artifacts feed as the only configured feed and then upstream other sources from it. This way NuGet will get all packages from the configured AzDo artifacts source and AzDo artifacts will source other packages not available with it from the upstreamed sources in the order defined. More info can be found here: https://learn.microsoft.com/en-us/azure/devops/artifacts/concepts/upstream-sources?view=azure-devops
I have a NuGet package in one private NuGet Feed. I want to include that NuGet package in a different private NuGet Feed. How do I add a package to NuGet from my local computer?
Thank you
It depends on the feed you want to add the package to. If it's an HTTP feed that supports the NuGet protocol, like nuget.org or an Azure Devops Artifacts feed, then you can use nuget.exe push. Some HTTP feeds may have a web page you can use to upload the package to. If you have a local file feed (even if it's a network share, it's still operating system file IO), then you can use nuget add, but nuget push may work as well.
Unless you give us more information about your private feed, we can only give you this generic advice.
In artifacts I have created a feed,and all seems good. It publishes my packages to the feed.Good
If I understood it correctly it can work like a " private Nuget server" if you like and have all the packages that your team should be using.
I need to push several public packages to my feed.
EG How can I push "Newtonsoft" version 11.2 to my feed on azure devops?
Is this a manual step?
Can be automated?
many thanks
You don't need to do anything. Configure your feed to use NuGet.org as an upstream package source and any packages that are available on NuGet will be automatically cached when restored.
We want to build a csproj project.
Because we will be using the package internally for development and
deliver it to an external company too we decided to create 2 packages/2 feeds.
Packages are created using the csproj file.
For the public feed we build using Release configuration.
For the private feed we build using Debug configuration + Symbols.
This will output 2 packages (*.symbols.nupkg and *.nupkg)
o What is advised to maintain code privacy but still have a good developer experience?
o What do I publish to the feed for Debug?
o Can I install both public/private package somehow, if not, what is advised?
o How does nuget decide on priority if I have both public and private feed in VS?
o If we start replacing the references by assembly with the nuget package and package that project, will it include the dependencies in the nuspec file?
If the external company can access to the public feed, just use the public feed can save your energies.
You can push your nuget packages to one place (the public feed), it will be convenient to manage and maintain the package, and developers from the external company can also get the package from the public feed. And it’s also the common way to use.
If the external company can not access to the public feed, or you just want to manage the package in two separate feeds
There will have the questions as you list (the main point is packages in private feed and public feed are equal):
Any of the packages (name.symbols.nupkg and name.nupkg) can be pushed to the private feed since the contents of the two packages are same. The only difference is the names.
You can not install the package both from public feed and private feed. After install the package from one feed, when you search the package in the other feed, it will show the package has installed. And it’s the same result to install the package from any of the two feeds.