Problem with the Nuget system

[Neal]

I love nuget's but it has a few problems IMHO.

1. You don't know what's in them, i.e. changes, etc. without finding the source and reviewing. Most of us, self included, probably blindly install updates and hope for the best
2. The big issue I learned lately is Nuget will offer updates when your solution is not compatible. I've seen this with jquery related items in the past, now it's EF 6 core. I get an update available in Nuget solution manager to update to EF6 Core yet as I have dependencies that use .NET Standard 2.0 EF6 Core can't install. The nuget system needs to inspect the solution to see that it's suggested update would work prior to offering the update. So now I'll have to manually select what's updated to prevent EF6 Core from trying to update.

 

[Skydiver]

Yes. Especially when it offers some updates for jQuery or Bootstrap that are not compatible with the MVC or Razor pages that were generated by an older version of VS. I've always thanked the gods that I use source control and that I can rollback.

Unfortunately, the design of Nuget is to only look at the dependencies of the specific package. In general, the authors of the packages know their own dependencies so they know what is compatible and what is not. Unfortunately, Nuget knows nothing about the solution/project that is using the package.

Sounds like a great side project to create as a MSBuild target that does the right thing. MSBuild (instead of VS or VSCode extension) so that it's available to both people who use dotnet core raw, and not just people who use Visual Studio or Visual Code. Imagine something like msbuild.exe /target:UpdateNugetPackages. The target would look at all the package references as well as take into account the target platform; do an intersection of all their dependencies to determine the maximum compatible versions of the packages and their dependencies; and then finally invoke the appropriate Nuget commands to update packages just up to those versions.