Azure Artifacts: best practices

This article contains some general guidance and best practices when it comes to producing and consuming packages in Azure Artifacts.

Create and publish packages

Follow these guidelines and best practices when creating or publishing your packages.

  • Each repository should only reference one feed:

    A feed is an organizational construct to host packages. You can have multiple feeds for a project but a particular project should only reference one feed. If you want to use packages from multiple feeds, use upstream sources to access packages from multiple feeds through a single upstream.

  • Automatically publish newly created packages to your feed:

    This will populate the @local view of your feed. See Feed views to learn more about feed views and upstream sources.

  • Enable retention policies to automatically clean up old package versions:

    Deleting old package versions improves client performance and releases storage space. You can choose how many versions of a package to retain when setting up your retention policy.

  • Promote your package to the correct view:

    When a package is ready for early adopters, select that package from within your feed and promote it to the @prerelease view. When the package is deemed of sufficient quality to be released, promote that package to the @release view.

    Promoting package versions to a view ensures they won't be deleted by retention policies. For more information on views, check out the Feed views article.

  • If external teams are consuming your packages, ensure that @release and @prerelease views are visible across the organizations:

    If these views aren't visible, teams won't have access to your packages.

Consume packages

Follow these guidelines and best practices when consuming packages from feeds and upstream sources.

  • Configure upstream sources for your feed:

    If you want to consume packages from public registries such as NuGet.org or npmjs.com, you should consider adding upstream sources to your feed.

    For more information, see Understand upstream sources and how to configure upstream sources.

  • Sources not in your organization but in the same AAD tenant should be added using the feed locator:

    The feed locator uses the following syntax: azure-feed://<organization>/<projectName>/<feed>@<view>

  • Ensure that the order of the sources matches your desired package resolution order:

    The feed will check each upstream in order, returning the package from the first source that can provide it.

  • To avoid confusion, we recommend placing any public upstreams FIRST in your resolution order:

    This prevents other sources from overriding well-known packages with altered or incompatible versions.

Next steps