Home > Back-end >  Download private nuget packages from private nuget server
Download private nuget packages from private nuget server

Time:07-24

My .NET 6 project's .csproj has this:

<ItemGroup>
  <!-- public -->
  <PackageReference Include="Autofac" Version="1.0.0" />
  <PackageReference Include="FluentValidation" Version="1.0.0" />
  <PackageReference Include="Serilog" Version="1.0.0" />
  <!-- private -->
  <PackageReference Include="Company.Package1" Version="1.0.0" />
  <PackageReference Include="Company.Package2" Version="1.0.0" />
</ItemGroup>

The "public" packages are downloaded from the nuget servers, and the "private" ones from our private nuget server.

But I don't want our private packages' details to be leaked to nuget.

How do I enforce that?

CodePudding user response:

This is a new nuget feature called "Package Source Mapping".

In the nuget.config in the solution's root, I have this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="private" value="https://www.example.com/v3/index.json" />
  </packageSources>

  <packageSourceMapping>
    <!-- public -->
    <packageSource key="nuget">
      <package pattern="*" />
    </packageSource>
    <!-- private -->
    <packageSource key="private">
      <package pattern="Company.*" />
    </packageSource>
  </packageSourceMapping>

</configuration>

Run dotnet nuget locals --clear all to clear the cache else the new policy won't apply to packages already in the cache. Then run dotnet restore.

Another use case for this feature is to ensure that a package is downloaded from a specific package repository in the case where it exists on multiple repos.

  • Related