Publish unlisted NuGet package

ONLINECAST

2 min read

·

06-10-2024

6

0

Share

Publishing Unlisted NuGet Packages: A Guide for Private Package Management

The Problem: You've developed a fantastic library, but it's not ready for the public eye. Maybe it's a private tool for your company, or you're still in the early stages of development. How can you share this code with your team or other trusted collaborators without making it publicly available?

Solution: The answer lies in publishing unlisted NuGet packages. These packages are hidden from the public NuGet feed, allowing you to manage access and distribution privately.

Understanding Unlisted Packages

Unlisted NuGet packages are hidden from the default NuGet Gallery, meaning they won't be discovered through searches or browses. Instead, they are stored in a separate, private location accessible only to authorized users.

The Scenario: A Private Company Library

Let's say you're building a library for internal use at your company, "MyCompany.Utils". You want to share this library with your developers, but you don't want it exposed to the public.

Original Code (NuGet package publishing):

dotnet publish -c Release
dotnet nuget push MyCompany.Utils.1.0.0.nupkg -s https://api.nuget.org/v3/index.json -k <YOUR_API_KEY>

The Challenge: This code would publish "MyCompany.Utils" to the public NuGet Gallery, making it accessible to anyone.

Switching to Unlisted Publishing

1. Configure a Private NuGet Feed: You can use a service like MyGet, ProGet, or Azure DevOps to host your private feed. These services provide secure storage and access control for your packages.

2. Modify your NuGet Push Command:

   • Replace https://api.nuget.org/v3/index.json with the URL of your private feed.
   • Ensure the -k flag points to the correct API key for your private feed.

   dotnet publish -c Release
   dotnet nuget push MyCompany.Utils.1.0.0.nupkg -s https://your-private-feed.example.com/v3/index.json -k <YOUR_PRIVATE_API_KEY>
   

3. Set the IsUnlisted Property: When pushing your package, ensure you set the IsUnlisted property to true in the nuspec file.

   <package>
       <metadata>
           <id>MyCompany.Utils</id>
           <version>1.0.0</version>
           <title>MyCompany Utilities</title>
           <authors>MyCompany</authors>
           <description>A collection of utility functions for MyCompany.</description>
           <isUnlisted>true</isUnlisted> 
       </metadata>
   </package> 
   

4. Manage Access: Configure your private feed to restrict access to specific users or groups, ensuring only authorized individuals can consume the packages.

Benefits of Unlisted Packages

• Privacy: Protects your code from unauthorized access and prevents it from being used in unintended ways.
• Controlled Distribution: Allows you to share your code selectively with your team or trusted collaborators.
• Versioning and Updates: Manage package versions and updates internally, ensuring consistency and stability.
• Early Testing: Enables you to test your code with select users before releasing it publicly.

Conclusion

Publishing unlisted NuGet packages provides a secure and flexible way to manage private libraries. By understanding the process and utilizing a private NuGet feed, you can effectively share your code without compromising its security or jeopardizing its development lifecycle.

Resources:

• MyGet: https://www.myget.org/
• ProGet: https://www.infragistics.com/products/proget
• Azure DevOps: https://docs.microsoft.com/en-us/azure/devops/pipelines/artifacts/nuget/publish
• NuGet Documentation: https://docs.microsoft.com/en-us/nuget/reference/nuspec