Home: support for listing references into csproj from commandline(s)

Created on 14 Dec 2016  路  12Comments  路  Source: NuGet/Home

splitting off from #3751 - which now just covers the add side of this work

Spec draft: https://github.com/NuGet/Home/wiki/Support-dotnet-ref-add%7Cupdate%7Cdelete-packageref

Xplat NuGet.exe PackageReference Feature
Source
picture rrelyea
👍3

All 12 comments

I cannot find the the spec draft here: https://github.com/NuGet/Home/wiki/Support-dotnet-ref-add%7Cupdate%7Cdelete-packageref Has the url changed?

anangaur picture anangaur on 1 Mar 2017

Spec - https://github.com/NuGet/Home/wiki/Support-dotnet-add,-update,-remove-pkg

Though it is out of date a bit.

mishra14 picture mishra14 on 1 Mar 2017

feature request from: https://github.com/NuGet/Home/issues/5199

Maybe list should have an option for displaying all out of date packages.

mishra14 picture mishra14 on 10 May 2017
👍1

Id love to use this listing feature programatically in a tool I'm building.

Given a packageId,
provide me all packages having this package as a dependency recursively up to either a direct reference added by the user, or a SDK package implicitly added by the CLI (meta packages, like Microsoft.NetCore.App or NETStandard.Library).

My use case is I'm scanning for usages of vulnerable nugets (direct/transient deps), and I want to give feedback on the full dependency chain if any vulnerable dep is found so it's easier for users to know where to take action.

https://github.com/RetireNet/dotnet-retire

Atm I'm manually parsing the project.assets.json file and building up a separate object graph (no dep to the Nuget.Client library) . It would make my life alot easier if this was available in the client libraries instead.

Oh, and if such a feature already exist, please do tell! Could not find it in any doc or via looking at the source code / PRs.

johnkors picture johnkors on 19 May 2017
👍1

Hey, wondering what is the status of this? It has been awhile and the absence is still felt, especially if working with dotnet cli and vs code. Hope it makes it within the 15.5 timeframe...

lambdakris picture lambdakris on 5 Nov 2017

I'd love to have this command at the moment. I've just learned that some transitive dependency of my project has a vulnerability, but without a way to list all direct and transitive package dependencies, I have no good way to verify that I'm no longer using the vulnerable version.

Would you be willing to accept a PR for this? This issue has been open for a long time, and I'd be happy to help.

benjamin-bader picture benjamin-bader on 27 Jun 2018

@benjamin-bader there's a nice .net core global tool for listing outdated references: https://github.com/jerriep/dotnet-outdated

cwe1ss picture cwe1ss on 27 Jun 2018

@benjamin-bader As @cwe1ss mentioned, https://github.com/jerriep/dotnet-outdated is a nice global tool to help you. NuGet team is also working on an outdated command as specified here: Show outdated packages -- NuGet issue https://github.com/NuGet/Home/issues/5762

anangaur picture anangaur on 27 Jun 2018

Thanks, folks, I'll give it a try. Glad to hear that nuget will support this natively.

benjamin-bader picture benjamin-bader on 27 Jun 2018

Wiki URL seems to have changed again. https://github.com/NuGet/Home/wiki/Support-dotnet-add,-update,-remove-pkg

tillig picture tillig on 10 Jul 2018
👍1

@tillig Thanks. I have updated the link. :)

mishra14 picture mishra14 on 11 Jul 2018

Shipped dotnet list package support in dotnet sdk 2.2.100.

rrelyea picture rrelyea on 15 May 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jainaashish picture jainaashish  路  3Comments
rrelyea picture rrelyea  路  3Comments
philippe-lavoie picture philippe-lavoie  路  3Comments
skofman1 picture skofman1  路  3Comments
livarcocc picture livarcocc  路  3Comments