I have written a little library for Sitecore(a CMS product) which means my library depends on Sitecore. Sitecore, the company, have recently made their product available as nuget packages. However they have chosen to host their own nuget package source.
When I use nuget spec/pack myLibrary.csproj to generate a nuget package, only the nuget packages from the official package source are included as dependencies.
Is it possible to include dependencies from another package source in nuget packages?
Or maybe I should ask, how do you go about creating packages from alternative package sources ?
Related
If I create a new Azure Functions project and do dotnet restore -v n with a cleared nuget cache, I see that it fetches (among others) the following packages from https://api.nuget.org/v3/index.json as transitive dependencies of Microsoft.NET.Sdk.Functions 4.1.1 (the only top-level package I have installed):
Installed Microsoft.AspNetCore.Http 2.1.0 from https://api.nuget.org/v3/index.json with content hash eAPryjDRH41EYY2sOMHCu+tHXLI6PUN1AsOPKst6GbiIoMi8wJCiPcE4h9418tKje1oUzmMc2Iz8fFPPVamfaw==.
Installed System.Net.Http 4.3.0 from https://api.nuget.org/v3/index.json with content hash sYg+FtILtRQuYWSIAuNOELwVuVsxVyJGWQyOnlAzhV4xvhyFnON1bAzYYC+jjRW8JREM45R0R5Dgi8MTC5sEwA==.
Installed System.Net.Sockets 4.3.0 from https://api.nuget.org/v3/index.json with content hash m6icV6TqQOAdgt5N/9I5KNpjom/5NFtkmGseEH+AK/hny8XrytLH3+b5M8zL/Ycg3fhIocFpUMyl/wpFnVRvdw==.
My question is why is it fetching these packages from nuget.org when they are part of the .net core SDK? Why is it not using those? Surely I am doing something wrong. Shouldn't the default be to use the packages from the SDK, not these old packages, some of which have vulnerabilities (System.Net.Sockets 4.3.0 for example)?
I'm not able to ignore these because we use a corporate JFrog repository that blocks these packages, so nuget restore errors when using that as a source. I'm showing the repro steps with nuget.org as the source to rule out an issue with JFrog. It also downloads (successfully) these old packages from nuget.org, so it can't be an issue with the repository. It must be something with my Visual Studio, nuget configuration, dotnet core installation, etc.
Check your Package Sources under Tools>Options>NuGet Package Manager.
If you uncheck the nuget.org it won't fetches packages from https://api.nuget.org/v3/index.json
In my class library, Manage Nuget Packages shows the latest stable version of Newtonsoft as 12.0.3. In another application that references the class library, Manage Nuget Packages shows the latest stable version of Newtonsoft as 9.0.1
What would explain that difference, and how is it fixed in Visual Studio 2019? When I try to compile the application, it fails with the error that the class library's version of Newtonsoft is newer.
EDIT: I think I've found the reason: in the top right corner of the window the package source for the application was not nuget.org but Visual Studio Offline Sources.
Why is the latest stable version of Newtonsoft showing in Nuget
Package Manager as 12.0.3 in one project and as 9.0.1 in another?
When you install a nuget package, you should select the right nuget package source.
As it shows that, Visual Studio Offline Sources is your local nuget caches. It is required that you download the corresponding nuget version and then exist in this data source. So it depends on you and not all versions of the package are fully displayed.
nuget.org is the ultimate destination for developers releasing nuget packages. You can find every version of the package here. So you should check this link.
Check and enable that link.
Then, open Nuget Package Manager UI and choose nuget.org and you can find it.
In my solution I have a PCL project and two other projects, each for different platforms.
Sometimes a NuGet package used in PCL require installing it to the platform project as well, otherwise things will crash at runtime.
When I install the NuGet package, how do if it's also required to install it to the platform projects?
For example, it's not clear to me if Microsoft.Net.Http requires also installation in Xamarin Android project or not. This is just an example.
Or, I don't know if SQLite.Net-PCL requires it to be installed on platform projects as well.
Things you can do:
Read the documentation provided by the NuGet package author. Either from a project web site or in the description for the NuGet package.
Use your favourite search engine for examples of how to use that NuGet package.
If there are multiple NuGet packages that are named after the platform then that gives you an idea that the PCL NuGet package might not work in the platform specific project.
Have a look inside the NuGet package using something like the NuGet Package Explorer available on Windows. If the NuGet package has lib directories that are platform specific as well as a PCL directory then it will need to be installed in the platform specific project.
Run your application and see if it works.
Taking Microsoft.Net.Http as an example. The documentation does not really say explicitly. If you search the internet you can find a blog post or two that mentions that you have to install it into your platform specific project.
If you take a look inside the Microsoft.Net.Http NuGet package you can see it has several lib directories:
There are platform specific directories, such as MonoAndroid and Xamarin.iOS10 as well as PCL directories, such as portable-net45+win8. This suggests you should install it into all your projects.
I know name of nuget package in official nuget gallery. How can I check on which platforms it's avaibale, e.g full .net, silverlight, windows store apps, universal platform, etc..?
On Windows I normally use the NuGet Package Explorer which will download the NuGet package and show you its contents. The frameworks it supports are shown in the lib directory inside the NuGet package.
You can also just download the NuGet package from NuGet and unzip it.
I'm looking to create two separate NuGet packages (say, package A and package B) to connect to two different versions of a service. Is it possible to add a check where NuGet only installs package A if package B has not been installed?