Once you have created a package and have your
.nupkg file in hand, it's a simple process to make it available to other developers, either publicly or privately:
- Public packages are made available to all developers globally through nuget.org as described in this article (requires NuGet 4.1.0+).
- Private packages are available to only a team or organization, by hosting them either a file share, a private NuGet server, Azure Artifacts, or a third-party repository such as myget, ProGet, Nexus Repository, and Artifactory. For additional details, see Hosting Packages Overview.
This article covers publishing to nuget.org; for publishing to Azure Artifacts, see Package Management.
Publish to nuget.org
For nuget.org, you must sign in with a Microsoft account, with which you'll be asked to register the account with nuget.org. You can also sign in with a nuget.org account created using older versions of the portal.
Next, you can either upload the package through the nuget.org web portal, push to nuget.org from the command line (requires
nuget.exe 4.1.0+) , or publish as part of a CI/CD process through Azure DevOps Services, as described in the following sections.
Web portal: use the Upload Package tab on nuget.org
Select Upload on the top menu of nuget.org and browse to the package location.
nuget.org tells you if the package name is available. If it isn't, change the package identifier in your project, rebuild, and try the upload again.
If the package name is available, nuget.org opens a Verify section in which you can review the metadata from the package manifest. To change any of the metadata, edit your project (project file or
.nuspecfile), rebuild, recreate the package, and upload again.
Under Import Documentation you can paste Markdown, point to your docs with a URL, or upload a documentation file.
When all the information is ready, select the Submit button
Create API keys
Sign into your nuget.org account or create an account if you don't have one already.
For more information on creating your account, see Individual accounts.
Select your user name (on the upper right), then select API Keys.
Select Create, provide a name for your key, select Select Scopes > Push. Enter * for Glob pattern, then select Create. (See below for more about scopes.)
Once the key is created, select Copy to retrieve the access key you need in the CLI:
Important: Save your key in a secure location because you cannot copy the key again later on. If you return to the API key page, you need to regenerate the key to copy it. You can also remove the API key if you no longer want to push packages via the CLI.
Scoping allows you to create separate API keys for different purposes. Each key has its expiration timeframe and can be scoped to specific packages (or glob patterns). Each key is also scoped to specific operations: push of new packages and updates, push of updates only, or delisting. Through scoping, you can create API keys for different people who manage packages for your organization such that they have only the permissions they need. For more information, see scoped API keys.
Publish with dotnet nuget push
Change to the folder containing the
Run the following command, specifying your package name (unique package ID) and replacing the key value with your API key:
dotnet nuget push AppLogger.1.0.0.nupkg -k qz2jga8pl3dvn2akksyquwcs9ygggg4exypy3bhxy6w6x6 -s https://api.nuget.org/v3/index.json
dotnet displays the results of the publishing process:
info : Pushing AppLogger.1.0.0.nupkg to 'https://www.nuget.org/api/v2/package'... info : PUT https://www.nuget.org/api/v2/package/ info : Created https://www.nuget.org/api/v2/package/ 12620ms info : Your package was pushed.
See dotnet nuget push.
Publish with nuget push
At a command prompt, run the following command, replacing
<your_API_key>with the key obtained from nuget.org:
nuget setApiKey <your_API_key>
This command stores your API key in your NuGet configuration so that you don't need to repeat this step again on the same computer.
Push your package to NuGet Gallery using the following command:
nuget push YourPackage.nupkg -Source https://api.nuget.org/v3/index.json
Publish signed packages
To submit signed packages, you must first register the certificate used for signing the packages.
nuget.org rejects packages that don't satisfy the signed package requirements.
Package validation and indexing
Packages pushed to nuget.org undergo several validations, such as virus checks. (All packages on nuget.org are periodically scanned.)
When the package has passed all validation checks, it might take a while for it to be indexed and appear in search results. Once indexing is complete, you receive an email confirming that the package was successfully published. If the package fails a validation check, the package details page will update to display the associated error and you also receive an email notifying you about it.
Package validation and indexing usually takes under 15 minutes. If the package publishing is taking longer than expected, visit status.nuget.org to check if nuget.org is experiencing any interruptions. If all systems are operational and the package hasn't been successfully published within an hour, please login to nuget.org and contact us using the Contact Support link on the package page.
To see the status of a package, select Manage packages under your account name on nuget.org. You receive a confirmation email when validation is complete.
Note that it might take a while for your package to be indexed and appear in search results where others can find it, during which time you see the following message on your package page:
Azure DevOps Services (CI/CD)
If you push packages to nuget.org using Azure DevOps Services as part of your Continuous Integration/Deployment process, you must use
nuget.exe 4.1 or above in the NuGet tasks. Details can be found on Using the latest NuGet in your build (Microsoft DevOps blog).
Managing package owners on nuget.org
Although each NuGet package's
.nuspec file defines the package's authors, the nuget.org gallery does not use that metadata to define ownership. Instead, nuget.org assigns initial ownership to the person who publishes the package. This is either the logged-in user who uploaded the package through the nuget.org UI, or the users whose API key was used with
nuget SetApiKey or
All package owners have full permissions for the package, including adding and removing other owners, and publishing updates.
To change ownership of a package, do the following:
- Sign in to nuget.org with the account that is the current owner of the package.
- Select your account name, select Manage packages, and expand Published Packages.
- Select on the package you want to manage, then on the right side select Manage owners.
From here you have several options:
- Remove any owner listed under Current Owners.
- Add an owner under Add Owner by entering their user name, a message, and selecting Add. This action sends an email to that new co-owner with a confirmation link. Once confirmed, that person has full permissions to add and remove owners. (Until confirmed, the Current Owners section indicates pending approval for that person.)
- To transfer ownership (as when ownership changes or a package was published under the wrong account), add the new owner, and once they've confirmed ownership they can remove you from the list.
To assign ownership to a company or group, create a nuget.org account using an email alias that is forwarded to the appropriate team members. For example, various Microsoft ASP.NET packages are co-owned by the microsoft and aspnet accounts, which simply such aliases.
Recovering package ownership
Occasionally, a package may not have an active owner. For example, the original owner may have left the company that produces the package, nuget.org credentials are lost, or earlier bugs in the gallery left a package ownerless.
If you are the rightful owner of a package and need to regain ownership, use the contact form on nuget.org to explain your situation to the NuGet team. We then follow a process to verify your ownership of the package, including trying to locate the existing owner through the package's Project URL, Twitter, email, or other means. But if all else fails, we can send you a new invite to become an owner.