Redigera

Dela via


Publish NuGet packages

Once you create a NuGet package and have a .nupkg file, you can make the package available to other developers either publicly or privately. This article describes how to share public packages globally through nuget.org.

You can also make private packages available to only a team or organization by hosting them on a file share, a private NuGet server, or a third-party repository such as myget, ProGet, Nexus Repository, or Artifactory. For more information, see Host your own NuGet feeds. For publishing with Azure Artifacts, see Publish packages to NuGet.org.

Publish to nuget.org

To publish on nuget.org, sign in to nuget.org with a Microsoft account, and use it to create a free nuget.org account. Follow the instructions at Add a new individual account.

Screenshot that shows the NuGet sign in link.

Once you have an account, you can publish a package to nuget.org by using the nuget.org web portal, the dotnet CLI, or the NuGet CLI version 4.1.0 or above. You can also publish packages through Azure Pipelines.

Upload to the nuget.org web portal

To upload a package to the nuget.org website:

  1. Select Upload on the top menu at nuget.org, browse to the package on your computer, and select Open.

    Screenshot that shows the Upload dialog on nuget.org

    If the package ID already exists on nuget.org, you get an error. Change the package identifier in your project, repack, and try the upload again.

  2. If the package name is available, the Verify section opens so you can review the metadata from the package manifest. If you included a readme file in your package, select Preview to make sure all content renders properly.

    To change any of the metadata, edit your project file or .nuspec file, rebuild, repack, and upload again.

  3. When all the information is ready, select Submit.

Push by using a command line

To push packages to nuget.org with a command line, you can use either dotnet.exe or nuget.exe v4.1.0 or above, which implement the required NuGet protocols. For more information, see NuGet protocols.

To use either command line, you first need to get an API key from nuget.org.

Create an API key

  1. Sign into your nuget.org account or create an account if you don't have one already.

  2. Select your user name at upper right, and then select API Keys.

  3. Select Create, and provide a name for your key.

  4. Under Select Scopes, select Push.

  5. Under Select Packages > Glob Pattern, enter *.

  6. Select Create.

  7. Select Copy to copy the new key.

    Screenshot that shows the new API key with the Copy link.

Important

  • Always keep your API key a secret. The API key is like a password that allows anyone to manage packages on your behalf. Delete or regenerate your API key if it's accidentally revealed.
  • Save your key in a secure location, because you can't copy the key again later. If you return to the API key page, you need to regenerate the key to copy it. You can also remove the API key if you no longer want to push packages.

Scoping lets you create separate API keys for different purposes. Each key has an expiration timeframe, and you can scope the key to specific packages or glob patterns. You also scope each key to specific operations: Push new packages and package versions, push only new package versions, or unlist.

Through scoping, you can create API keys for different people who manage packages for your organization so they have only the permissions they need.

For more information, see scoped API keys.

Use the dotnet CLI

From the folder that contains the .nupkg file, run the following command. Specify your .nupkg filename, and replace the key value with your API key.

dotnet nuget push Contoso.08.28.22.001.Test.1.0.0.nupkg --api-key qz2jga8pl3dvn2akksyquwcs9ygggg4exypy3bhxy6w6x6 --source https://api.nuget.org/v3/index.json

The output shows the results of the publishing process:

Pushing Contoso.08.28.22.001.Test.1.0.0.nupkg to 'https://www.nuget.org/api/v2/package'...
  PUT https://www.nuget.org/api/v2/package/
warn : All published packages should have license information specified. Learn more: https://aka.ms/nuget/authoring-best-practices#licensing.
  Created https://www.nuget.org/api/v2/package/ 1221ms
Your package was pushed.

For more information, see dotnet nuget push.

Note

If you want to avoid your test package being live on nuget.org, you can push to the nuget.org test site at https://int.nugettest.org. Note that packages uploaded to int.nugettest.org might not be preserved.

Use the NuGet CLI

  1. At a command prompt, run the following command, replacing <your_API_key> with the key you got from nuget.org:

    nuget setApiKey <your_API_key>
    

    This command stores your API key in your NuGet configuration so you don't need to enter the API key again on the same computer.

    Note

    This API key isn't used to authenticate with private feeds. To manage credentials for authenticating with these sources, see the nuget sources command.

  2. Push the package by using the following command:

    nuget push YourPackage.nupkg -Source https://api.nuget.org/v3/index.json
    

Publish with Azure Pipelines

You can push packages to nuget.org with Azure Pipelines as part of your continuous integration/continuous deployment (CI/CD) process. For more information, see Publish NuGet packages with Azure Pipelines.

Publish a signed package

To submit a signed package, you must first register the certificate you used to sign the package. If you don't meet the signed package requirements, nuget.org rejects the package.

Package size limits

Nuget.org has a package size limit of about 250 MB. When a package exceeding that limit is uploaded the following error is displayed:

The package file exceeds the size limit. Please try again.

If such package is pushed from the command line, the following output is produced:

  RequestEntityTooLarge https://www.nuget.org/api/v2/package/ 13903ms
error: Response status code does not indicate success: 413 (The package file exceeds the size limit. Please try again.).

If you are getting this errors consider revising the package content to reduce its size. If you are packing debug symbols into your package consider publishing them separately. Other assets can be published separately as one or more dependency packages to spread them into smaller chunks.

Package validation and indexing

Packages pushed to nuget.org undergo several validations, such as virus checks, and existing packages are periodically scanned. When the package passes all validation checks, it might take awhile to be indexed and appear in search results. While the package is being indexed, it appears under Unlisted Packages, and you see the following message on the package page:

Screenshot of a message indicating that a package isn't yet published.

Once validation and indexing are complete, you receive an email that the package was successfully published. If the package fails a validation check, the package page updates to display the associated error, and you receive a notification email.

Package validation and indexing usually take less than 15 minutes. If package publishing is taking longer than expected, check nuget.org status at status.nuget.org. If all systems are operational and the package isn't successfully published within an hour, contact nuget.org by using the Contact support link on the package page.

To see package status, select Manage packages under your account name at upper right on nuget.org, and select the package from Published Packages or Unlisted Packages.

Manage package owners on nuget.org

Package owners have full permissions for the package, including adding and removing other owners and publishing updates.

Although the NuGet package's .nuspec file defines the package's authors, nuget.org doesn't use that metadata to define ownership. Instead, nuget.org assigns ownership to the person who publishes the package, either the signed-in user who uploaded the package, or the user whose API key was used with dotnet push, nuget SetApiKey, or nuget push.

To change ownership of a package:

  1. Sign in to nuget.org with the account that currently owns the package.

  2. Select your account name at upper right, select Manage packages, and expand Published Packages.

  3. Select the package you want to manage, and on the right side of the package page, select Manage package.

  4. On the package management page, select Owners.

  5. Take one of the following actions:

    • Select Remove to remove the current owner.

    • Add an owner under Add owner by entering their user name and a message, and selecting Add.

      This action sends an email to the new co-owner with a confirmation link. Once confirmed, that person has full permissions to add and remove owners. Until confirmed, the Current owners section shows pending approval for that person.

To transfer ownership, as when ownership changes or a package publishes under the wrong account, add the new owner. Once they confirm ownership, they can remove the old owner from the list.

To assign ownership to a company or group, create a nuget.org account with an email alias that forwards to the appropriate team members. For example, various Microsoft ASP.NET packages are co-owned by the microsoft and aspnet accounts.

Occasionally, a package might not have an active owner. For example, the original owner might have left the company that produced the package. If you're the rightful owner of a package and need to regain ownership, use the contact form on nuget.org to explain your situation to the NuGet team. The team follows a process to verify your ownership, including trying to locate the existing owner, and can send you a new invitation to become the package owner.

Next steps