NuGet 中传递包引用的最佳实践
[英]Best Practices for Transitive Package References in NuGet
问题描述
I am relatively new to the new .NET project format, and was looking to solicit some opinions on how best to manage a library's dependencies.
我对新的 .NET 项目格式比较陌生,希望就如何最好地管理库的依赖项征求一些意见。
Let's say I am writing a library (intended to be shared as a NuGet package) which contains some ASP.NET core functionality.假设我正在编写一个包含一些 ASP.NET 核心功能的库(旨在作为 NuGet 包共享)。
In my library's csproj file, I can add a reference to Microsoft.AspNet.Core and happily use everything I want from it or any of its transitive dependencies.在我的库的 csproj 文件中,我可以添加对Microsoft.AspNet.Core的引用,并愉快地使用我想要的一切或它的任何传递依赖项。
An alternative approach would be to explicitly add references for each part of AspNet.Core that I use, as I start using types from those packages.另一种方法是为我使用的 AspNet.Core 的每个部分显式添加引用,因为我开始使用这些包中的类型。 For example, to add a package reference to Microsoft.AspNetCore.Http.Abstractions the first time I use HttpContext .例如,在我第一次使用HttpContext时添加对Microsoft.AspNetCore.Http.Abstractions的包引用。
To me, the latter approach seems like it would be preferable.对我来说,后一种方法似乎更可取。 It provides a more clear description of the actual dependencies of my package, and is not susceptible to breaking in the same way as referencing Microsoft.AspNet.Core may be when updating to a version which may remove Microsoft.AspNetCore.Http.Abstractions from its transitive dependency graph.它提供了对我的包的实际依赖关系的更清晰的描述,并且不容易像引用Microsoft.AspNet.Core那样在更新到可能从其删除Microsoft.AspNetCore.Http.Abstractions的版本时发生传递依赖图。
If the general consensus is indeed the latter approach described above, is there any way to enforce this behaviour?如果普遍共识确实是上述后一种方法,是否有任何方法可以强制执行此行为? For example, by failing a build if a project references types in a transitive dependency?例如,如果项目引用传递依赖中的类型,则构建失败?
Really interested to hear everyone's thoughts on this!真的很想听听大家对此的看法!
2 个解决方案
解决方案1
2 2020-07-08 18:43:24
I'm an experienced C# developer and maintainer of several NuGet packages.我是几个 NuGet 包的经验丰富的 C# 开发人员和维护人员。 Though those packages don't actually have any dependencies.尽管这些包实际上没有任何依赖关系。
I agree that the latter approach of only referencing the exact packages used is preferable.我同意后一种仅引用所使用的确切包的方法更可取。 This has several advantages:这有几个优点:
- Helps prevents conflicts between assembly versions by reducing the number of packages your package pulls in通过减少您的包引入的包数量,帮助防止程序集版本之间的冲突
- Minimizes the total added size to projects using your package最小化使用您的包的项目的总添加大小
- May enable advanced scenarios for users of your package可以为您的包的用户启用高级方案
I recently had to file a bug due to the third situation.由于第三种情况,我最近不得不 提交一个错误。 The xUnit library provides their assertions in two different packages xunit.assert and xunit.assert.source . xUnit库在两个不同的包xunit.assert和xunit.assert.source中提供它们的断言。 The second enables you to extend the assertion class with custom assertions.第二个使您能够使用自定义断言扩展断言类。 I was using the xunit.categories package and it references xunit which references several packages including xunit.assert .我正在使用xunit.categories包,它引用了xunit ,它引用了几个包,包括xunit.assert 。 So when I tried to switch to using xunit.assert.source I got a conflict because they contain the same classes.因此,当我尝试切换到使用xunit.assert.source时,我遇到了冲突,因为它们包含相同的类。 However, xunit.categories doesn't even use the assertion portion of xUnit.然而, xunit.categories甚至不使用 xUnit 的断言部分。 It should only reference xunit.core .它应该只引用xunit.core 。
解决方案2
0 2019-10-30 10:52:28
I think I prefer explicitly referencing packages.我想我更喜欢明确引用包。 However, I can understand the answer may be subjective.但是,我可以理解答案可能是主观的。
In any case, there is a tool that helps you find transitive package references :无论如何,有一个工具可以帮助您找到可传递的包引用:
https://github.com/spectresystems/snitch https://github.com/spectresystems/snitch
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.