Blog Posts with tag "NuGet"

.NET NuGet Trusted Publishing with GitHub Actions

Publishing NuGet packages has traditionally required one uncomfortable compromise: a long-lived API key had to exist somewhere in the delivery pipeline. Even when that secret was stored in a secure CI system, the model still relied on a credential that could be leaked, copied, mis-scoped or forgotten. Once exposed, that key could often be reused until someone noticed the incident and rotated it.

Enable NuGet Audit for better DevSecOps in .NET

Auditing is becoming increasingly important in the everyday life of a developer; however, until now there was no particularly good way to do it in .NET, and even the lock file still has its deficiencies. You had to rely on third-party packages to carry out real auditing of your packages and references, or use security software such as WhiteSource or Snyk.
