My .NET 6 project's .csproj has this:
<ItemGroup>
    <!-- public -->
    <PackageReference Include="Autofac" Version="1.0.0" />
    <PackageReference Include="FluentValidation" Version="1.0.0" />
    <PackageReference Include="Serilog" Version="1.0.0" />
    <!-- private -->
    <PackageReference Include="Company.Package1" Version="1.0.0" />
    <PackageReference Include="Company.Package2" Version="1.0.0" />
</ItemGroup>
The "public" packages are downloaded from the nuget servers, and the "private" ones from our private nuget server.
But I don't want our private packages' details to be leaked to nuget.
How do I enforce that?
CodePudding user response:
This is a new nuget feature called "Package Source Mapping".
In the nuget.config in the solution's root, I have this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <packageSources>
        <clear />
        <add key="nuget" value="https://api.nuget.org/v3/index.json" />
        <add key="private" value="https://www.example.com/v3/index.json" />
    </packageSources>
    <packageSourceMapping>
        <!-- public -->
        <packageSource key="nuget">
            <package pattern="*" />
        </packageSource>
        <!-- private -->
        <packageSource key="private">
            <package pattern="Company.*" />
        </packageSource>
    </packageSourceMapping>
</configuration>
Run dotnet nuget locals --clear all to clear the cache, else the new policy won't apply to packages already in the cache. Then run dotnet restore.
Another use case for this feature is to ensure that a package is downloaded from a specific package repository in the case where it exists on multiple repos.
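
The mapping above works because NuGet picks the most specific matching pattern (exact ID, then longest prefix, then "*"), so Company.* packages are never requested from the "nuget" source even though "*" also matches them. The following is an added example, not part of the original answer: a small audit script that models that precedence rule and flags private package IDs that would fall through to another source. The function names, PACKAGES and the WEAK mapping are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The nuget.config from the answer above, embedded so the script runs offline.
NUGET_CONFIG = b"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="private" value="https://www.example.com/v3/index.json" />
  </packageSources>
  <packageSourceMapping>
    <packageSource key="nuget"><package pattern="*" /></packageSource>
    <packageSource key="private"><package pattern="Company.*" /></packageSource>
  </packageSourceMapping>
</configuration>"""

def load_mapping(config_xml):
    """Return {source key: [patterns]} from a nuget.config document."""
    root = ET.fromstring(config_xml)
    return {src.get("key"): [p.get("pattern") for p in src.findall("package")]
            for src in root.findall("./packageSourceMapping/packageSource")}

def rank(pattern, package_id):
    """Specificity of a matching pattern, or None if it does not match."""
    pat, pid = pattern.lower(), package_id.lower()  # package IDs are case-insensitive
    if pat == "*":
        return (0, 0)  # catch-all: lowest precedence
    if pat.endswith("*"):  # prefix pattern: the longest matching prefix wins
        return (1, len(pat)) if pid.startswith(pat[:-1]) else None
    return (2, len(pat)) if pid == pat else None  # exact ID: highest precedence

def sources_for(package_id, mapping):
    """Sources eligible for package_id: only those holding the most specific match."""
    hits = [(r, key) for key, pats in mapping.items() for p in pats
            if (r := rank(p, package_id)) is not None]
    if not hits:
        return []  # no pattern matches: no source is eligible
    best = max(r for r, _ in hits)
    return sorted({key for r, key in hits if r == best})

def leaked(package_ids, mapping, prefix="Company.", private_source="private"):
    """Private IDs that would be requested from any source other than private_source."""
    return [pid for pid in package_ids if pid.lower().startswith(prefix.lower())
            and sources_for(pid, mapping) != [private_source]]

# PackageReference IDs from the question's .csproj.
PACKAGES = ["Autofac", "FluentValidation", "Serilog", "Company.Package1", "Company.Package2"]
# Constructed weak variant: only one private ID is pinned, so the other falls through to "*".
WEAK = {"nuget": ["*"], "private": ["Company.Package1"]}
```

Calling leaked(PACKAGES, load_mapping(NUGET_CONFIG)) returns an empty list for the answer's config, while leaked(PACKAGES, WEAK) reports Company.Package2.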