Publishing packages

  • Article
  • 7 minutes to read

Once you have created a bundle and accept your .nupkg file in paw, information technology's a simple process to make it bachelor to other developers, either publicly or privately:

  • Public packages are fabricated available to all developers globally through nuget.org equally described in this article (requires NuGet 4.1.0+).
  • Private packages are available to just a squad or organisation, by hosting them either a file share, a individual NuGet server, Azure Artifacts, or a 3rd-party repository such as myget, ProGet, Nexus Repository, and Artifactory. For additional details, see Hosting Packages Overview.

This article covers publishing to nuget.org; for publishing to Azure Artifacts, encounter Bundle Management.

Publish to nuget.org

For nuget.org, y'all must sign in with a Microsoft account, with which you'll be asked to register the account with nuget.org.

NuGet sign in location

Adjacent, you can either upload the package through the nuget.org web portal, button to nuget.org from the command line (requires nuget.exe 4.1.0+) , or publish as office of a CI/CD process through Azure DevOps Services, equally described in the following sections.

Web portal: use the Upload Package tab on nuget.org

  1. Select Upload on the top menu of nuget.org and browse to the package location.

    Upload a package on nuget.org

  2. nuget.org tells you if the package name is available. If it isn't, modify the package identifier in your projection, rebuild, and try the upload again.

  3. If the package name is available, nuget.org opens a Verify section in which you tin can review the metadata from the package manifest. If yous included a readme file in your parcel, bank check out the preview to ensure all content is being rendered properly. To alter whatever of the metadata, edit your project (project file or .nuspec file), rebuild, recreate the package, and upload again.

  4. When all the information is ready, select the Submit button

Command line

To push packages to nuget.org, you first demand an API central, which is created on nuget.org. Y'all must use either dotnet.exe (.Net Cadre), or nuget.exe v4.1.0 or above, which implement the required NuGet protocols. For more than information, see .Net Core, nuget.exe, and NuGet protocols.

Create API keys

  1. Sign into your nuget.org account or create an account if yous don't have one already.

    For more than information on creating your account, meet Individual accounts.

  2. Select your user name (on the upper right), and then select API Keys.

  3. Select Create, provide a name for your cardinal, select Select Scopes > Push button. Enter * for Glob pattern, and so select Create. (Encounter beneath for more than about scopes.)

  4. Once the primal is created, select Re-create to think the access key you demand in the CLI:

    Copying the API key to the clipboard

Alert

Always keep your API key a secret! Treat your API fundamental as a password that allows anyone to manage packages on your behalf. Y'all should delete or regenerate your API cardinal if it is accidentally revealed.

Important

Save your central in a secure location because y'all cannot copy the fundamental over again subsequently. If you return to the API key page, you need to regenerate the fundamental to copy it. You lot tin can also remove the API key if yous no longer want to button packages.

Scoping allows you to create separate API keys for different purposes. Each key has its expiration timeframe and can exist scoped to specific packages (or glob patterns). Each key is also scoped to specific operations: push of new packages and updates, push of updates only, or delisting. Through scoping, y'all can create API keys for dissimilar people who manage packages for your organization such that they have only the permissions they need. For more data, see scoped API keys.

Publish with dotnet nuget push

  1. Change to the folder containing the .nupkg file.

  2. Run the following command, specifying your package proper name (unique packet ID) and replacing the primal value with your API fundamental:

                      dotnet nuget push AppLogger.1.0.0.nupkg --api-fundamental qz2jga8pl3dvn2akksyquwcs9ygggg4exypy3bhxy6w6x6 --source https://api.nuget.org/v3/alphabetize.json

  3. dotnet displays the results of the publishing process:

                      info : Pushing AppLogger.one.0.0.nupkg to 'https://www.nuget.org/api/v2/parcel'... info :   PUT https://www.nuget.org/api/v2/parcel/ info :   Created https://world wide web.nuget.org/api/v2/packet/ 12620ms info : Your package was pushed.

Encounter dotnet nuget push.

Publish with nuget button

  1. At a command prompt, run the following control, replacing <your_API_key> with the central obtained from nuget.org:

                      nuget setApiKey <your_API_key>

    This command stores your API key in your NuGet configuration so that yous don't need to repeat this step again on the same computer.

    Note

    API cardinal is not used for authenticating with the private feed. Refer to nuget sources command to manage credentials for authenticating with the source. API keys can exist obtained from the individual NuGet servers. To create and manange APIKeys for nuget.org refer to Create API keys.

  2. Button your bundle to NuGet Gallery using the post-obit command:

                      nuget push YourPackage.nupkg -Source https://api.nuget.org/v3/alphabetize.json

Publish signed packages

To submit signed packages, you must first register the document used for signing the packages.

Package validation and indexing

Packages pushed to nuget.org undergo several validations, such equally virus checks. (All packages on nuget.org are periodically scanned.)

When the package has passed all validation checks, it might take a while for it to be indexed and appear in search results. In one case indexing is consummate, you receive an electronic mail confirming that the packet was successfully published. If the package fails a validation check, the package details page volition update to display the associated error and y'all too receive an email notifying you nearly it.

Package validation and indexing usually takes under 15 minutes. If the packet publishing is taking longer than expected, visit status.nuget.org to bank check if nuget.org is experiencing whatsoever interruptions. If all systems are operational and the bundle hasn't been successfully published inside an hr, delight login to nuget.org and contact united states using the Contact Back up link on the package page.

To see the status of a package, select Manage packages nether your business relationship proper noun on nuget.org. Yous receive a confirmation e-mail when validation is complete.

Note that it might take a while for your package to be indexed and announced in search results where others can find information technology, during which time you encounter the post-obit message on your packet folio:

Message indicating a package is not yet published

Azure DevOps Services (CI/CD)

If you push button packages to nuget.org using Azure DevOps Services as part of your Continuous Integration/Deployment process, yous must use nuget.exe 4.1 or above in the NuGet tasks. Details tin exist found on Using the latest NuGet in your build (Microsoft DevOps blog).

Managing bundle owners on nuget.org

Although each NuGet package'due south .nuspec file defines the packet's authors, the nuget.org gallery does not use that metadata to define buying. Instead, nuget.org assigns initial ownership to the person who publishes the package. This is either the logged-in user who uploaded the bundle through the nuget.org UI, or the users whose API key was used with nuget SetApiKey or nuget push.

All package owners accept full permissions for the parcel, including adding and removing other owners, and publishing updates.

To change buying of a package, practise the following:

  1. Sign in to nuget.org with the account that is the electric current owner of the parcel.
  2. Select your account name, select Manage packages, and aggrandize Published Packages.
  3. Select on the parcel you want to manage, and then on the right side select Manage owners.

From here you have several options:

  1. Remove whatsoever owner listed under Current Owners.
  2. Add an owner under Add Owner by entering their user name, a bulletin, and selecting Add. This action sends an email to that new co-owner with a confirmation link. One time confirmed, that person has full permissions to add and remove owners. (Until confirmed, the Current Owners section indicates awaiting approval for that person.)
  3. To transfer ownership (as when ownership changes or a package was published nether the wrong account), add together the new owner, and one time they've confirmed buying they tin can remove you from the list.

To assign ownership to a company or group, create a nuget.org account using an electronic mail alias that is forwarded to the appropriate team members. For case, various Microsoft ASP.Internet packages are co-owned past the microsoft and aspnet accounts, which just such aliases.

Recovering bundle ownership

Occasionally, a package may non take an active owner. For example, the original possessor may have left the visitor that produces the package, nuget.org credentials are lost, or earlier bugs in the gallery left a package ownerless.

If you are the rightful owner of a package and need to regain ownership, use the contact form on nuget.org to explicate your situation to the NuGet team. We then follow a process to verify your ownership of the package, including trying to locate the existing owner through the package's Project URL, Twitter, email, or other means. Just if all else fails, we can send y'all a new invite to go an possessor.