
Epic: Improve package validation · #8875

Open
@rrelyea

Description

dotnet/extensions#2744 details a break that occurred when dotnet core 3.1.0 shipped yesterday. Some packages had added embedded icons...but had two entries.

This item covers a new validation rule - the "catch the duplicate zip item" problem. (Note: pay attention to encoding too... "foo bar" and "foo%20bar" as item names get extracted to the same file. How should we treat that?)

It also needs several places to run... sketch of plan is below:

They use some components of the dotnet pack codepath, but avoided a validation that our pack code already does.

As part of our PackageQuality epic that is coming up soon on our backlog, we have plans to:

  • have a set of concrete guidelines for package quality.
  • increase validations at dotnet pack time
  • add a new entry point to CLI to allow people who custom pack packages to get most of our validation rules run - nuget verify -all foo.nupkg
  • do more validations on the server when nuget.org gets packages submitted
  • nuget.org and vs package manager UI would show a grade (or similar) to show how great (or not) a package is.
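
Added example (not part of the issue and not NuGet's own code): a sketch of the duplicate-entry rule described above, run over a constructed in-memory archive. The function names are hypothetical, and the check assumes extraction percent-decodes entry names once, which is the "foo bar" / "foo%20bar" case the issue raises.

```python
import io
import warnings
import zipfile
from collections import defaultdict
from urllib.parse import unquote


def extracted_name(entry_name: str) -> str:
    """Name the entry lands under once percent-escapes are decoded (one pass)."""
    return unquote(entry_name)


def find_colliding_entries(package) -> dict:
    """Map each extracted name to the raw entry names that collide on it.

    `package` is a path or a binary file object for a .nupkg (a zip archive).
    """
    by_target = defaultdict(list)
    with zipfile.ZipFile(package) as zf:
        # infolist() keeps every central-directory record, duplicates included;
        # a set of namelist() or a getinfo() lookup would hide them.
        for info in zf.infolist():
            by_target[extracted_name(info.filename)].append(info.filename)
    return {t: names for t, names in by_target.items() if len(names) > 1}


def build_sample_package(entries) -> io.BytesIO:
    """Constructed sample: an in-memory archive with the given (name, data) entries."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_package([
        ("Sample.nuspec", b"<package/>"),
        ("icon.png", b"first"),
        ("icon.png", b"second"),        # exact duplicate entry name
        ("docs/foo bar.txt", b"a"),
        ("docs/foo%20bar.txt", b"b"),   # same file after decoding
    ])
    for target, names in find_colliding_entries(sample).items():
        print(f"collision on {target!r}: {names}")
```
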
