'Nuget - store packages in source control, or not?

We currently don't use nuget for our dependencies, preferring to go old-skool way and stick them all in a libs folder and reference from there. I know. So 1990's.

Anyway, nuget has always made me feel a bit queasy... you know, reliance on the cloud and all that. As such, I'm find myself in the main agreeing with Mark Seeman (see here: http://blog.ploeh.dk/2014/01/29/nuget-package-restore-considered-harmful/) who says:

Personally, I always disable the feature and instead check in all packages in my repositories. This never gives me any problems.

Trouble is, this has changed in version 3, you can't store packages alongside the solution, as outlined here: https://oren.codes/2016/02/08/project-json-all-the-things/. Which sorta screws up checking them into source code.

So, am I worrying about nothing here? Should I drink from the nuget well, or side with Mr Seeman and er on the side of caution?

version-controlnuget


Solution 1:[1]

Storing NuGet packages in source control is a really, really bad idea. I accidentally did it once and I ended up bloating my source code considerably, and that was before .NET Core...

Drink deep from the NuGet well. Most software components are packaged in a similar way these days (NPM, Bower etc). The referenced blog post is two years old and package management is changing rapidly in the .NET world, so here's some of my experience lately.

  • NuGet packages can't be deleted from nuget.org. They can be hidden, but if your application requests a hidden package it will download it as normal. It'll never disappear into the void.
  • 'Enable Package Restore' is no longer glitchy because it's now a default option in NuGet 2.7+. You have no choice anymore.
  • Packages are no longer stored per solution but per machine, which will save a ton of bandwidth and will decrease the initial fetch period when building.
  • If you build a new project using .NET Core, you will have dozens more packages as the entire BCL will be available as NuGet packages. Do you really want to check-in all the System.* packages into source code?

Solution 2:[2]

There is a very simple reason why you want to store Nuget packages in source control. Your organization doesn't want your build server to have internet access.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Damien Dennehy
Solution 2 Bob

Related Questions

Differences between git pull origin master & git pull origin/master

PLC Version Control

Visual Studio 2022 source control not showing changes

What does "replacing" mean in Tortoise SVN changelog?

How can I push a local Git branch to a remote with a different name easily?

How to handle folder of git submodule which is marked as "untracked" in the host repo?

Git in PHPstorm: Unstage files from Git (remove uncommited files from stage)

git reset asks 'more?'

Git: How to make outer repository and embedded repository work as common/standalone repository?

Undo IntelliJ Smart Checkout

How to debug Syncing lock on pushing the current branch to Visual Studio Team Services

How to "time travel" git repository back in revisions?

Is there a way to sort Source Control Providers in VS Code?

How to change the owner of a PR on GitHub / How to commandeer an open GitHub PR

Git tab missing in RStudio after git installed on Windows