|
A wise little program once helped me put god knows how many security vulnerabilities in my C# projects. SInce the other nugget thread got closed, I want to hear any and all wisdom regarding nuget. TIA.
|
#
?
Dec 29, 2021 14:04
|
|
|
|
| # ? Apr 28, 2024 23:57 |
|
|
it seemed like a miserable experience and really put me off c# in general
|
|
#
?
Dec 29, 2021 15:50
|
|
|
it's like npm, but for a big boy language that they expect you to use for serious enterprise software it sucks big time and makes no sense
|
|
#
?
Dec 29, 2021 15:53
|
|
|
its… fine? i can pull in packages and if I pull in garbo packages it’s on me. i would’ve pulled the garbo package without nuget as well
|
|
#
?
Dec 29, 2021 15:58
|
|
|
you can make your own nuget and name it something fun! like a yospos nuget could be named yuget or nupos
|
|
#
?
Dec 29, 2021 16:02
|
|
|
Jabor posted:it's like npm, but for a big boy language that they expect you to use for serious enterprise software It's always worked fine for me, our infra team hosted an internal one and then it all worked perfectly from visual studio. i never had to do anything weird and didn't have many non internal/non-MS dependencies but I think that's kind of the point of using c#
|
|
#
?
Dec 29, 2021 16:06
|
|
|
Oh yeah, it'll always say that you need to update 110 packages, but you really only need to update 40 of them. If you update everything all your code will stop working.
|
|
#
?
Dec 29, 2021 16:09
|
|
|
Sorry I can’t post yet I’m have to fix some conflicting newtonsoft versions first.
|
|
#
?
Dec 29, 2021 16:33
|
|
|
nuget out
|
|
#
?
Dec 29, 2021 16:47
|
|
|
tk posted:Sorry I can’t post yet I’m have to fix some conflicting newtonsoft versions first. Hey, let me know the resolution for this. You'd think MS would just.... incorporate newtonsoft json into c# at this point. It's in almost every project. Makes you wonder what kind of clever exploit name it's going to get when someone finds a vulnerability.
|
|
#
?
Dec 29, 2021 16:53
|
|
|
SYSV Fanfic posted:Hey, let me know the resolution for this. You'd think MS would just.... incorporate newtonsoft json into c# at this point. It's in almost every project. Makes you wonder what kind of clever exploit name it's going to get when someone finds a vulnerability. They've released their own (faster) JSON parsing library. I think it was done with the cooperation of the newtsoft guy, it at least wasn't contentious
|
|
#
?
Dec 29, 2021 16:59
|
|
|
Captain Foo posted:nuget out
|
|
#
?
Dec 29, 2021 17:00
|
|
|
here's a nuget of wisdom: running a local nuget repo sucks
|
|
#
?
Dec 29, 2021 17:51
|
|
|
just copy the libraries you need into /lib and check them into your vcs.
|
|
#
?
Dec 29, 2021 17:58
|
|
|
pointsofdata posted:They've released their own (faster) JSON parsing library. I think it was done with the cooperation of the newtsoft guy, it at least wasn't contentious I totally missed them doing this, this is good to know.
|
|
#
?
Dec 29, 2021 18:29
|
|
|
Captain Foo posted:nuget out 
|
|
#
?
Dec 29, 2021 18:38
|
|
|
akadajet posted:here's a nuget of wisdom: running a local nuget repo sucks idk i found it to be insanely easy, but also you should be using your azure devops repo instead. nuget sucks for a bunch of reasons tho. it allows for scripting that runs when packages are added or removed which is just stupid. the reason this was done is also stupid: msbuild sucks poo poo. it doesnt have good extensibility, so everything must be managed through procedural build steps in your project file. many nuget scripts modify your config file to add build steps. this causes all the problems you think it would since theres no guarantee the project file is in a state appropriate for the scripts to run and the scripts cant possibly handle every edge case. likewise when you remove these packages they will often try to remove the poo poo they did to your project file which will almost always break something. the way nuget handles symbols is loving stupid. you can have nuget create symbol packages, but visual studio cant use them. Symbol packages are intended to be loaded to a symbol server and then visual studio connects to that. Symbol servers are an archaic and stupid concept where you have symbols stored somewhere on the network and when you need them visual studio tries to find them on the server. servers are configured at the user level, not at the project or solution level. this means any time you try to search for symbols in any project ever it searches all your symbol servers. So all the slowness of network processing is compounded by the number of servers you have. The alternative to this would be to just to throw the symbol server feature in the dumpster where it belongs and instead download the nuget symbol package (if it exists) for the specific package you're using and then use those symbols locally. or just switch to using source packages like maven does which works way way way better.
|
|
#
?
Dec 29, 2021 20:06
|
|
|
holy poo poo its even worse than i imagined
|
|
#
?
Dec 29, 2021 20:13
|
|
|
these days people dont use the scripting stuff, but the symbols are still a pain in the dick
|
|
#
?
Dec 29, 2021 20:15
|
|
|
the scripting issues are also not really nuget's fault, as they were always hacks for failings in msbuild. msbuild should have been relegated to legacy languages and dumpstered for a maven clone.
|
|
#
?
Dec 29, 2021 20:17
|
|
|
ted nuget
|
|
#
?
Dec 30, 2021 01:45
|
|
|
Silver Alicorn posted:ted nuget strangehold
|
|
#
?
Dec 30, 2021 01:48
|
|
|
my nugget wisdom is that you can put those veggie buffalo wings in the air fryer for about 13 minutes to get a good tasty crisp *very important* I’m only talking about the morning star faux meat ones. idk how cauliflower wings would work
|
|
#
?
Dec 30, 2021 06:42
|
|
|
nuget is pretty good. setting up your own nuget infrastructure is...fine. C# is the lord's language. unfortunately, no package manager is going to stop you from downloading bad software hth
|
|
#
?
Dec 30, 2021 19:58
|
|
|
im going to smoke some nugets of weed if you know what i mean.
|
|
#
?
Dec 30, 2021 20:00
|
|
|
Canine Blues Arooo posted:nuget is pretty good. setting up your own nuget infrastructure is...fine. C# is the lord's language. unfortunately, no package manager is going to stop you from downloading bad software hth C# is great and its the best for web poo poo, but msbuild/nuget is absolutely awful when you contrast it with maven.
|
|
#
?
Dec 30, 2021 21:22
|
|
|
Shaggar posted:C# is great and its the best for web poo poo, but msbuild/nuget is absolutely awful when you contrast it with maven. on the other hand log4net doesn’t have any published rces so sticking with c# is the pro move
|
|
#
?
Dec 31, 2021 21:25
|
|
|
tbh its wierd to me that anyone ever used log4j 2.0 at all. its litterrally a clone of slf4j but it came out years after slf4j so i'd think most people are either still using 1.2 or migrated to slf4j. who starts a new project with log4j 2.0? ive been out of the java world for years now, tho, so idk.
|
|
#
?
Dec 31, 2021 21:33
|
|
|
Shaggar posted:tbh its wierd to me that anyone ever used log4j 2.0 at all. its litterrally a clone of slf4j but it came out years after slf4j so i'd think most people are either still using 1.2 or migrated to slf4j. who starts a new project with log4j 2.0? that's my experience doing our internal search for log4j usage. it's all 1.x if log4j at all.
|
|
#
?
Jan 1, 2022 03:50
|
|
|
|
| # ? Apr 28, 2024 23:57 |
|
|
same. none of our projects used it. everything is slf4j interfaces with a logback backend
|
|
#
?
Jan 1, 2022 13:30
|
|