Prevent publishing to public NuGet gallery

Question

We're using NuGet to package our internal dependencies. We're setting up a private NuGet repository for these.

However, I'm concerned that someone might accidentally publish one of our packages to the public NuGet repository.

Can I prevent this?

Answer 1

You can define NuGet.config file with DefaultPushSource value referencing your internal NuGet Gallery instance. Put the config file next to your internal packages nuspec files.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <config>
    <add key="DefaultPushSource" value="https://nuget.example.com" />
  </config>
</configuration>

In general the NuGet.config file closest to the folder nuget.exe runs from wins, the section below walks through the details.

NuGet first loads NuGet.config from the default location, then loads any file named NuGet.config starting from the root of the current drive and ending in the current directory.

Chaining multiple configuration files

The NuGet Config Defaults file also allows specification of the Default Push Source. This will be the default push source if one is not provided in the command line argument of nuget.exe. Without a default push source specifid in the NuGet Config Defaults file, nuget.org is the default nuget.exe push source. Using the new configuration though, administrators can change the default push source to an internal package soure. This will help prevent accidental publishing of packages to nuget.org.

Default NuGet.exe Push Source