Nuget Sign Checker
Scrapes the nuget.org package stats page to get a list of the top 100 community packages and then downloads each one to check if the package has an author signature or not.
This tool is featured in a blog post about the NuGet Package Signing experience.
The code doesn't test all one hundred of the top packages. Instead, it tries to group packages by prefix and then picks the first one from each group. The reason for this behavior is that there are groups of packages that are related to each other and often installed together. For example, there are around eight different xunit.* packages. If one is signed, the rest are likely signed. And most of these packages are installed as a group. I wanted to look at unique groups of packages.
So when there are multiple packages with the same prefix, this code just grabs the first one of that group and ignores the rest. It's not perfect, but it's good enough.
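The prefix sampling described above, as an added sketch that is not this tool's own code. It assumes the prefix is the text before the first `.` in the package ID and that IDs compare case-insensitively; `PrefixSampler`, `Prefix` and `Sample` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class PrefixSampler
{
    // Assumption: the "prefix" is everything before the first '.' in the ID.
    // IDs without a dot (e.g. "Moq") form their own group.
    static string Prefix(string id)
    {
        int dot = id.IndexOf('.');
        return dot < 0 ? id : id.Substring(0, dot);
    }

    // Input must be in download-rank order. LINQ's GroupBy yields groups in
    // order of first appearance, so the highest-ranked ID represents its group.
    public static List<(string Representative, int GroupSize)> Sample(
        IEnumerable<string> rankedIds)
    {
        return rankedIds
            .Where(id => !string.IsNullOrWhiteSpace(id))
            .Select(id => id.Trim())
            .GroupBy(id => Prefix(id), StringComparer.OrdinalIgnoreCase)
            .Select(g => (Representative: g.First(), GroupSize: g.Count()))
            .ToList();
    }

    static void Main()
    {
        // Constructed sample list, not real nuget.org rankings.
        var ranked = new[]
        {
            "Newtonsoft.Json", "xunit", "xunit.core", "Moq",
            "xunit.assert", "XUnit.Runner.VisualStudio",
            "Serilog", "Serilog.Sinks.Console"
        };

        // Only the representative is downloaded and checked; GroupSize shows
        // how many packages that single result is standing in for.
        foreach (var (rep, size) in Sample(ranked))
            Console.WriteLine($"{rep} (stands in for {size} package(s))");
    }
}
```

Reporting the group size next to each representative makes the sampling gap visible: a signed representative says nothing definite about the other packages sharing its prefix.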
Code assumes that you have
nuget.exe in the
I just load the solution in Visual Studio 2017 and hit the play button. But if you like going through more hoops, you can build the console dll and run the following from the root of the solution: