Centralize your packages in .NET with NuGet

10/7/2024
3 minute read

A feature that isn't really new but still didn't get my attention until recently is: "Central Package Management". So let's have a look at this in this blog post.

Central Package Management - What is it?

Central Package Management is a feature that allows you to define a central location for your NuGet packages. Normally you will have many different packages in different assemblies.

So imagine this: Project A has the following packages:

<PackageRefernce Include="Microsoft.EntityFrameworkCore" Version="8.0.8" />
<PackageRefernce Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.8" />

And Project B has the following packages:

<PackageRefernce Include="Another.Awesome.Library" Version="1.0.0" />
<PackageRefernce Include="Microsoft.EntityFrameworkCore" Version="8.0.8" />

Now you have the same package in two different projects. If you want to update the package in both projects you have to do this manually in both projects (or use your tooling). But there is a different approach: You can simply put all the packages in a central location and reference them from there.

That is where the Directory.Packages.props comes into play. Kind of like the Directory.Build.props file it would be in the root of your project and every project inherits from it. How does it look like? Here is an example:

<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>

  <ItemGroup>
    <PackageVersion Include="Another.Awesome.Library" Version="1.0.0" />
    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="8.0.8" />
    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.8" />
  </ItemGroup>
</Project>

The ManagePackageVersionsCentrally is a property that tells the project to manage the package versions centrally. Keep in mind that we are using the PackageVersion iinstead of the PackageReference! Our projects now look like this:

<PackageReference Include="Microsoft.EntityFrameworkCore" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer"/>

And:

<PackageReference Include="Another.Awesome.Library" />
<PackageReference Include="Microsoft.EntityFrameworkCore"/>

So we dropped the version entirely. The version is now managed in the central (hence the name CPM) Directory.Packages.props file. If you want to update a package you simply update the version in the Directory.Packages.props file and all projects will use the new version.

Directory.Build.props vs Directory.Packages.props

Hey, wait a minute! Isn't there already a Directory.Build.props file? Yes, there is. But the Directory.Build.props file is for build configurations and not for package management. And while you can do reference packages here, every project (if not specified otherwise) will inherit from the Directory.Build.props and include the listed packages.

So in the Directory.Packages.props you also can define your test packages, your production packages, etc. and reference them in your projects. But surelyDon't call me Shirley you don't want testing reference in your production code.

But, there are some packages you do want to have everywhere! And while Directory.Build.props is a good place for that, the Directory.Packages.props offers you an alternative:

<Project>
	<PropertyGroup>
		<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
	</PropertyGroup>

	<ItemGroup Label="Code Analyzers">
		<GlobalPackageReference Include="SonarAnalyzer.CSharp" Version="9.32.0.97167" PrivateAssets="All" IncludeAssets="Runtime;Build;Native;contentFiles;Analyzers"/>
	</ItemGroup>
</Project>

Stuff like analyzers can be put in the Directory.Packages.props file and be available in all projects (thanks to the GlobalPackageReference).

Not everything is sunny

There are some caveats with Central Package Management. One thing you can't use is floating versions. So stuff like:

<PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.*" />

That might not be a big dealbreaker for some, but it is something to keep in mind.

Conclusion

Central Package Management is a great feature that allows you to manage your packages in a central location. If you want to read more, head over to the Microsoft site: https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management

UNO Platform - Build a Todo App - Part 4

In the forth part we will take care of our newly created todo item. Until now we clicked on a button and that's all. Sure we have a nice form where we can enter the basic information, but that is all.

The time has come to put our element into the respective swimlane. We will also learn how to add further nuget packages to our project.

Checking your solution for NuGet vulnerabilities or deprecated packages

While your software might be the best in the world, it's only as good as the libraries it uses. In this small blog post, we will discover how to check your solution for NuGet vulnerabilities or deprecated packages.

Central nuget store for your UNO Platform App

With the newest UNO Platform update to .NET 6 we can leverage some cool things to simplify our dependency management. We combine .NET 6 with the new feature called Directory.Build.props to make that work.

An error has occurred. This application may no longer respond until reloaded. Reload x