CLI installs should not install unlisted packages #7466
Comments
Do either of these actually end up installing unlisted packages?
Didn’t check recently but I guess this issue was filed because back then these did :) Do you see a different behavior now?
I was looking into related code and noticed a "possible" issue with this. Looking at the code today, I'd expect them to have a different behavior, but I could be wrong. Either way, this needs analyzed and fixed.
Confirming this behavior for 5.3.0.
@matkoch can you help us understand your scenario and how this bug is causing an issue? I am asking so that I can help identify a workaround while we schedule a fix.
Here's a helpful resource about what having an unlisted package currently means.
https://docs.microsoft.com/en-us/nuget/nuget-org/policies/deleting-packages
Focus on the following paragraphs from the linked page.
Unlisted packages don't appear on nuget.org or in the Visual Studio UI, and do not appear in search results.
Unlisted packages, however, can still be downloaded and installed by using an exact version number, which supports package restore.
In addition, unlisted packages may still be discovered in the following specific scenarios:
So?
Is anyone checking this out? I’m sorry to say, but how is this still not fixed after being reported a year ago?
It was reported way longer ago in other issues. Even by Jon Skeet....
Matthias Koch <notifications@github.com> wrote on Sun, 17 Nov 2019, 18:48:
… Is anyone checking this out? I’m sorry to say, but how is this still not
fixed after being reported a year ago?
@karann-msft @nkolev92 did you have a chance to look into that?
@karann-msft @nkolev92 any news?
This is definitely still a problem when using
The dotnet.exe side will be fixed NuGet/NuGet.Client#3480.
👏🏽👏🏽👏🏽
@nkolev92 I was just testing nuget.exe and already found this to be the case.
Unlisted package still got installed when running NuGet.exe install .
NuGet should not install unlisted packages unless the version number is specified. So the following commands should not add an unlisted nuget package:
dotnet add package <packageID>
nuget install <packageID>
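The selection rule requested above, as an added example that is not part of the original issue and not NuGet's own code: an unlisted version is returned only when that exact version is asked for. The entry shape (a `listed` boolean per version), the function names and the sample data are assumptions constructed for illustration, and version ordering is simplified.

```python
# Added illustration; not NuGet client code. Names and data are hypothetical.

# Constructed sample: one feed entry per published version. The "listed"
# boolean is an assumed metadata shape; a missing flag is treated as listed.
SAMPLE_ENTRIES = [
    {"version": "1.0.0", "listed": True},
    {"version": "1.1.0", "listed": True},
    {"version": "1.2.0", "listed": False},      # unlisted by the owner
    {"version": "2.0.0-beta1", "listed": True},
]


def version_key(version):
    """Simplified ordering: numeric core first, stable above its prereleases."""
    core, _, pre = version.partition("-")
    return (tuple(int(part) for part in core.split(".")), pre == "", pre)


def select_version(entries, requested=None, include_prerelease=False):
    """Pick the version an install without (or with) an explicit version gets.

    requested given  -> exact match only; unlisted versions are allowed,
                        which keeps package restore working.
    requested absent -> highest *listed* version; unlisted ones are skipped.
    """
    if requested is not None:
        for entry in entries:
            if entry["version"] == requested:
                return entry["version"]
        raise LookupError(f"version {requested} not found")

    candidates = [
        entry["version"]
        for entry in entries
        if entry.get("listed", True)
        and (include_prerelease or "-" not in entry["version"])
    ]
    if not candidates:
        # Fail closed rather than falling back to an unlisted version.
        raise LookupError("no listed version available")
    return max(candidates, key=version_key)


if __name__ == "__main__":
    print(select_version(SAMPLE_ENTRIES))                     # no version given
    print(select_version(SAMPLE_ENTRIES, requested="1.2.0"))  # explicit pin
```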