MyGet Blog

Package management made easier!

MyGet's NuGet and NPM news from the community (October 2016)

Here we are again! Our third installment of MyGet's NuGet and NPM news from the community. Each month, we bring you some interesting blog posts and articles found on the Internet, curated by our MyGet founders Xavier and Maarten. Follow @MyGetTeam on Twitter for more!

NuGet news

Wondering what's happening with .NET Core tooling? Microsoft released a blog post with more background information on Visual Studio '15'. Looks like NuGet package references will become part of the project file.

.NET Core 1.1 Preview 1 was just released. It includes support for additional Linux distributions and has many updates, new middlewares and so on.

What's up with all these target frameworks in NuGet and .NET Core? Immo Landwerth sheds some light on NETStandard, discussing how it will solve the code sharing problem for .NET developers across all platforms.

Jeremy Miller wrote a war story converting a complicated codebase to CoreCLR.

Were you using NuGet.Core in your code? Try the new client libraries instead, with support for v3 feeds. Andrei Marukovich wrote a good introduction on the new client libraries that covers some basic operations.

Still learning NuGet? Erik Dietrich wrote a blog post "How To Put Your Favorite Source Code Goodies on NuGet" where he explains the simple process of taking a piece of code, packaging it up and publishing it out there.

On Emin Atac's blog: Inside the NuGet bootstraping process. He looks into PowerShellGet and how it initializes the NuGet PowerShell module provider and brings the required dependencies to our machine.

Filip W.'s proud of Elon Musk planning to go to Mars. Meanwhile, we get to experience this.

NPM news

A fresh version of npm landed, 3.10.9, mostly containing bug fixes in the shrinkwrap and uninstall commands. A pre-release of 4.0.1 also appeared, with some really nice changes in how search works (now streaming results instead of buffering).

Not only a fresh npm, also a fresh Node.js! The team just baked version 7.0.0 with an updated V8 engine (5.4) which brings performance and reliability fixes.

Want to know how the folks at npm deploy? They just blogged about it. A git push is all it takes, at least on the surface. Quite a few tools and conventions are used under the hood to make that work smoothly.

Hello, Yarn! - Facebook announced a new JavaScript package manager which is fully compatible with NPM and introduces really good installation and resolution performance. We're keeping a close eye on this one!

A great series of blog posts on using Node.js at Scale - npm Best Practices has started. It is a series covering bigger Node.js installations, for developers who already learned the basics of Node, from writing clean code to deploying to monitoring.

Follow the leader! The folks at npmjs.com released some boilerplate code for following, replicating or doing other things based on newly uploaded packages. Pretty cool if you want to drink from the firehose!

If you have any news to share or have other feedback, let us know using the comments below or reach out on Twitter.

Happy packaging!

Checking potential vulnerabilities in project dependencies

Software projects nowadays are based on many third party and open source libraries. It is important to be aware of any potential security vulnerabilities in these components, to ensure our own software project is secure. Thanks to OSSIndex and Vor Security, we now have a vulnerability report ready for your MyGet feed!

While still in preview, every feed now has a Vulnerabilities tab which reports potential vulnerabilities in packages on that feed, whether NuGet, npm or Bower.

The vulnerability report provides us with an overview of potential vulnerabilities in our dependencies. We can also see the percentage of packages with potential vulnerabilities versus the percentage of packages with no known vulnerabilities.

Give it a go, we’re looking forward to your feedback on this new feature! Leave your comments below or reach out on Twitter.

Happy packaging!