MyGet Blog

Package management made easier!

NAVIGATION - SEARCH

MyGet's NuGet and NPM news from the community (November 2016)

It’s November, the holiday season is almost there. In our fourth MyGet's NuGet and NPM news from the community, let's look at some interesting blog posts and articles found on the Internet, curated by our MyGet founders Xavier and Maarten. Follow @MyGetTeam on Twitter for more!

NuGet news

NuGet news, curated by MyGetThe NuGet team just released NuGet 3.5, with mostly performance improvements, features and new target frameworks like netstandard and netcoreapp. The performance improvement during package restore is phenomenal, definitely worth upgrading. And you can now package SemVer 2.0 packages as well (and publish them to MyGet).

They also published a release candidate of 4.0, with support for adding NuGet references in the project file. Which is great as we can now use MSBuild variables in our dependency definitions.

More releases at Microsoft's Connect conference. There's Visual Studio 2017 RC as well as a new .NET Core version (1.1).

Armin Reiter wrote a post titled Powershell package management – NuGet, Chocolatey and Co. He describes what OneGet is and how PowerShell package management (which is now integrated in Windows 10 as well) can be used to install and manage modules and software on our system.

Rick Strahl wrote a post on .NET Standard 2.0 - Making Sense of .NET Again. He covers what .NET Standard 2.0 means to developers and how it fits into the future of .NET and .NET Core.

NPM news

NPM news, curated by MyGetA fresh npm@latest version has landed, 4.0.2 (and a prerelease 4.0.3, adding Node 7 support and a simplified lifecycle for publish events.

Ever wondered what a package manager is made of? Why are lockfiles considered bad practice for libraries but good for apps? Shubheksha Jalan wrote a nice blog post about Javascript Package Managers 101

But what is a dependency? Is it simply code we depend on? Guy Podjarny describes the 5 dimensions of an npm dependency in detail.

What are the bots up to on npm? That was the question Adam Baldwin asked himself after analyzing who else is downloading and running / testing random modules on npm. Interesting finds, for example a package that phones home after being installed.

In 7 npm tricks to knock your wombat socks off, Tierney Coren describes a couple of tips and tricks with the npm command line. For example adding npm completion under bash, or making sure packages you install actually work with the current Node version using "engine-strict".

Elijah Manor and his team started exploring running npm scripts in a git pre-commit hook and run linting before a commit. This technique ensures no invalid JavaScript code can be committed to source control.

If you have any news to share or have other feedback, let us know using the comments below or reach out on Twitter.

Happy packaging!

Learning NuGet Semantic Version Ranges with SemVer Explorer

When authoring NuGet packages, you can declare package dependency versions using Semantic Versioning. NuGet allows specifying dependencies as floating ranges, using interval notation or using fixed version numbers, as explained in the NuGet docs.

MyGet SemVer Explorer allows you to specify a SemVer dependency range, and will check the target package repository for the package versions that match.

NuGet dependency range explorer

Version ranges can be simple (e.g. 6.1.* to match all packages >= 6.1.0) or more complex using interval notation (e.g. (8.0,9.0.1) to match versions that are between 8.0 and 9.0.1. SemVer explorer lets you try these ranges and see which versions of an actual package match. Once satisfied, version ranges can be used in a packages.config or project.json document for use with NuGet or the .NET Core command line.

Can I target MyGet feeds?

Definitely! By default, the tool is configured to query the v3 NuGet.org repository at https://api.nuget.org/v3/index.json. You can simply change the target feed URL to the v3 NuGet feed of a MyGet repository you have access to, and we'll query that one instead.

Can I target private MyGet feeds?

If you have an access token that grants you read-access to the MyGet repository, you can leverage MyGet's support for pre-authenticated feed URLs. Make sure you target the pre-authenticated v3 NuGet endpoint. See our documentation for further guidance.

Have fun exploring the various semantic version constraints NuGet provides! And happy packaging!