Reputation: 153
How does dotnet restore prioritize package sources with multiple registries configured?
I'm using two dependencies: one from a public registry and one from a private registry. Currently, dotnet restore pulls my private package from the private registry because it does not exist in the public registry. However, if the private package appears in the public registry in the future, will dotnet restore pull it from there instead?
How can I explicitly configure my project or repository to ensure that the private dependency is only pulled from the specific private registry, even if it becomes available in the public registry?
Additionally, does the configuration work the same way for packages restored locally on a development machine and by Dependabot on GitHub?
What if private registry requires a token to authenticate?
Upvotes: 0
Views: 16
Answers (1)
Reputation: 4672
It should be based on the order of how the package sources are listed in your nugget configuration file.
As long as the public registry is listed last, that will be the last place the treasure process will look. So, your private locations will take precedence.
Upvotes: 0
Related Questions
- Error NU1605 Detected package downgrade
- How can I restore multiple versions of the same package in .NET 8?
- NuGet package restore tries to retrieve in all configured NuGet sources
- How do I enable NuGet Package Restore in Visual Studio?
- How to correct dotnet restore warning NU1604, does not contain an inclusive lower bound?
- Nuget Package Restore Failing with Access to the path '..\packages\Microsoft.Owin.Security.Jwt\4.0.0' is denied
- dotnet restore fails with NU1101 for private Github package in Docker container, but works on my local machine
- dotnet restore with custom source and official feed