Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Nuget - store packages in source control, or not?

Tags:

version-control

nuget

We currently don't use nuget for our dependencies, preferring to go old-skool way and stick them all in a libs folder and reference from there. I know. So 1990's.

Anyway, nuget has always made me feel a bit queasy... you know, reliance on the cloud and all that. As such, I'm find myself in the main agreeing with Mark Seeman (see here: http://blog.ploeh.dk/2014/01/29/nuget-package-restore-considered-harmful/) who says:

Personally, I always disable the feature and instead check in all packages in my repositories. This never gives me any problems.

Trouble is, this has changed in version 3, you can't store packages alongside the solution, as outlined here: https://oren.codes/2016/02/08/project-json-all-the-things/. Which sorta screws up checking them into source code.

So, am I worrying about nothing here? Should I drink from the nuget well, or side with Mr Seeman and er on the side of caution?

like image 742
intinit Avatar asked Mar 04 '16 16:03

intinit

People also ask

Should packages folder be in Source Control?

Should I check in the Packages folder in the Source Control to make them available for peers? The answer is "NO". You should not checkin packages folders since this will increase the size of the repository and it will become overhead when taking the latest (since the size of the packages folder is in the MBs).

Where NuGet packages are stored?

The global-packages folder is where NuGet installs any downloaded package. Each package is fully expanded into a subfolder that matches the package identifier and version number. Projects using the PackageReference format always use packages directly from this folder.

Are NuGet packages considered open source?

NuGet's client, nuget.exe is a free and open-source, command-line app that can both create and consume packages.

Should I commit NuGet packages?

NuGet now has the ability for you to re-download the missing packages as a pre-build step, meaning that you only need to commit your packages. config file (and include nuget.exe in a tools folder). Read Using NuGet Without Committing Packages to Source Control for more details.

2 Answers

Storing NuGet packages in source control is a really, really bad idea. I accidentally did it once and I ended up bloating my source code considerably, and that was before .NET Core...

Drink deep from the NuGet well. Most software components are packaged in a similar way these days (NPM, Bower etc). The referenced blog post is two years old and package management is changing rapidly in the .NET world, so here's some of my experience lately.

  • NuGet packages can't be deleted from nuget.org. They can be hidden, but if your application requests a hidden package it will download it as normal. It'll never disappear into the void.
  • 'Enable Package Restore' is no longer glitchy because it's now a default option in NuGet 2.7+. You have no choice anymore.
  • Packages are no longer stored per solution but per machine, which will save a ton of bandwidth and will decrease the initial fetch period when building.
  • If you build a new project using .NET Core, you will have dozens more packages as the entire BCL will be available as NuGet packages. Do you really want to check-in all the System.* packages into source code?
like image 189
Damien Dennehy Avatar answered Oct 18 '22 20:10

Damien Dennehy

There is a very simple reason why you want to store Nuget packages in source control. Your organization doesn't want your build server to have internet access.

like image 1
Bob Avatar answered Oct 18 '22 21:10

Bob
Sign in to Comment

Related questions

Same file in multiple changelists in perforce
How to control the number of lines that surround each difference when running `git diff`?
How to untrack all deleted files in Git
Intellij IDEA red/brown highlighted file name
What is the best way to roll-back a change set using Subversion?
A dotfile that will set the default node version on a project using nvm?
undoing git merge after merge.renameLimit warning plus conflicts
Show all conflicting files in Android Studio GUI
What is a good tool for writing a user manual (help file), which integrates with version control [closed]
PhpStorm Git keeps saying: no changes detected
Source Versioning for Visual Studio Express
Best version control for a one man web app?
Visual Studio 2008 source control for small teams
Xcode: Keyboard shortcuts for navigating changes in the commit view?
How to deploy .gitignored compiled files in Heroku?
(Git Merging) When to use 'ours' strategy, 'ours' option and 'theirs' option?
How to keep revision timestamps while converting a repository from Mercurial to Subversion?
How to delete a repository and add a new one in Android studio?
Visual Studio 2010 Not Recognizing proper Source Control Plug In
Encrypted version control

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!