NuGet Blog

NuGet Spring 2019 Roadmap

April 10, 2019

We published our last NuGet roadmap in June last year. Many of the features announced were major additions to NuGet and we have been hard at work to implement those over the last few months. In this post, we will start by summarizing the features we have completed and then peek into the next wave of work planned. Looking back Here are some features that were announced in our last roadmap blog post and have since been released. Cross-platform credential provider support for Azure Artifacts Status: Implemented | Documentation Before, there was no easy way to restore packages on Linux [...]


Enable repeatable package restores using a lock file

December 17, 2018

With PackageReference, NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for projects to produce repeatable restores (builds). We have been working on your feedback, iterating quite a few times, on the approach and design over the past few months. We are happy to announce that we have now introduced the ability to lock your project’s [...]


Lock down your dependencies using configurable trust policies

December 05, 2018

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and repository signing earlier this year. Continuing on the signing journey, we are happy to announce configurable client policies to secure developer environments for packages. With this feature, developers can now customize their environment to define package authors and/or package repositories they trust thereby allowing only trusted packages to be installed. This information is stored [...]


Improved package debugging experience with the symbol server

November 16, 2018

Starting today, you can publish symbol packages to the symbol server. With as a single service provider for libraries and symbols, package authors and consumers will have a streamlined publishing and consumption experience. With a single place for managing authentication and identity, you can be sure that both the package and its symbols are coming from the same author when you consume a NuGet package from Publish a snupkg to the symbol server today! We have introduced a new symbol package format - .snupkg. You will need Visual Studio 2017 15.9 to generate portable PDBs that [...]


Introducing Source Code Link for NuGet packages

August 27, 2018 now supports surfacing source code repository link for NuGet packages. This will enable package authors to surface both the project’s website and the source repository using the projectUrl and the repository properties respectively instead of having to choose between the two using just the projectUrl property. The nuspec has supported the repository property for a while and today more than 16,000 packages contain this property. We have now come a full circle by surfacing this information on the package details page (on This is how it looks for the Newtonsoft.Json package: In this post, I would like to [...]

Read more... starts repo-signing packages

August 10, 2018

In May, we implemented Stage 1 and enabled support for any user to submit signed packages to Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X.509 certificate. This signature is uniquely associated with a repository using custom metadata. Benefits of repository signatures has started to repository sign new package submissions. Author signed packages will be countersigned by repository signature. This will provide package integrity guarantee for packages published [...]


NuGet Summer 2018 Roadmap

July 02, 2018

This blog post provides insights into the NuGet team plans for the upcoming quarter (July - Sep 2018). In the March 2018 NuGet Spring 2018 Roadmap, we had outlined Package Signing, Organizations, Cross-platform credential provider support, Repeatable builds for PackageReference based projects, etc. as our immediate priorities. We were able to complete much of this work over the past few months and have made good progress on others. In this blog post, I would like to summarize our progress and share our plans for the next quarter. Looking back Here is a quick summary of various experiences that we enabled [...]


Introducing signed package submissions to

May 22, 2018

In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any user to submit signed packages to A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers and clients. Only newer versions of NuGet clients will take advantage of validating package signatures. We added this capability to Visual Studio 2017 15.6 – so we encourage you to upgrade to the latest VS updates to benefit from these added security measures. All the [...]

Read more... will only support MSA/AAD starting June 1st, 2018

May 15, 2018

We had previously announced the deprecation of’s home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the’s home-grown authentication mechanism starting June 1st, 2018. This means that you can only sign in to using a Microsoft account or an Azure AD account from next month. If you have not yet linked your account to MSA/AAD, do it now! Linking MSA/AAD to an existing account If you have not yet linked your account to a MSA/AAD, you can [...]


Welcoming SymbolSource to the .NET Foundation

May 01, 2018

We are excited to welcome to the .NET Foundation! SymbolSource has been providing a valuable service to the .NET Community for years with the ability to host Symbols for public NuGet packages on SymbolSource. With recent progress made in several areas, including SymbolSource being published to GitHub and planning a symbol server experience, we are thrilled to announce SymbolSource has joined the .NET Foundation. This post is to explain how the SymbolSource symbol server will exist harmoniously with the upcoming symbol server. With the recent open-sourcing of SymbolSource, the project is looking for new contributors. Head over [...]


Previous |