New Feature! Communicate directly with MyGet Support via Intercom

You spoke; we listened More development teams—big and small—are joining MyGet to make their package management and SDLC more efficient and secure than ever before. As so many new users have joined, we have started to hear some feedback that you would appreciate an enhanced MyGet support experience. We heard you and are happy to announce that we’ve migrated our MyGet Customer Support processes to the Intercom platform for a seamless, efficient support experience for...

An Exciting New Chapter for MyGet

Today we are thrilled to announce that MyGet has been acquired by Assembla. We started MyGet in 2011 with the goal of providing the market a package-management service that truly stood out above the others. In that time, and with the help of our amazing customers, we were able to grow MyGet to 40,000 users. This has been in no small way related to the success our clients have had in their business pursuits. While...

New Website/App Look and Feel

We are excited to announce that MyGet.org, the login page, and the app will be getting an updated look and feel by the end of this week! Nothing in the app will move and all functionality will remain the same. You’ll simply see some color and styling changes to the app and website. To give you a sneak peek of of what you’ll be seeing, we’ve put together some preview shots. We look forward to...

NPM security advisory

TL;DR: If you are using NPM and have installed the package eslint-scope 3.7.2, we recommend you to revoke your MyGet access tokens. Security Advisory At MyGet, we’re always closely monitoring security events in the package management space, and we want you to be aware of a vulnerability incident that hit npm users today. The full incident report can be read on the npmjs.org status page. A well-known popular npm package, eslint-scope (version 3.7.2) was published...

Accidental account deleted notification - what happened

On May 17, 2018, a subset of 2.500 MyGet users accidentally received an automated e-mail informing their account was deleted due to inactivity (while no user data was in fact, removed). We want to apologize for this accidental e-mail, and detail our investigation into why this happened. Since a couple of weeks, we are tracking inactive users on our free plan, for two reasons. First, of course, it would be nice if those users become...

MyGet symbol server helps mitigate CVE-2018-1037

On April 10, 2018, Microsoft released a security update, CVE-2018-1037 , describing how Visual Studio can improperly disclose limited contents of uninitialized memory while compiling program database (PDB) files. The memory leaked is limited to typically low-risk variables used in the application build environment, and only information that the Visual Studio executable uses when compiling projects. If your PDB/symbol files are shared publicly, this information could be extracted. Visual Studio versions have been patched, so...

Deprecating Facebook, OpenID and StackExchange login to MyGet

TL;DR: MyGet will retire Facebook, OpenID and StackExchange login to MyGet on March 9, 2018. Historically, MyGet has been using the Microsoft Azure Access Control Service (ACS). It allowed our users to easily create a MyGet account from an existing third-party login system, like Microsoft Account, Google Account, GitHub authentication, … With Microsoft sunsetting the ACS service and having to migrate to a different service, we are re-evaluating which third-party login types we want to...

MyGet 2017.2 Release Notes

We are happy to announce MyGet 2017.2 was released on December 13, 2017! Full release notes are available from our docs. Highlights Next to some new features and many fixes, this 2017.2 release of MyGet again adds some new functionality to the service. Major highlights of this release are: We added PHP Composer support, and welcome PHP developers to the MyGet family! (Announcement | Docs) In fact, this also resulted in a bug fix on...