[英]Best Practices for Transitive Package References in NuGet
I am relatively new to the new .NET project format, and was looking to solicit some opinions on how best to manage a library's dependencies.我对新的 .NET 项目格式比较陌生,希望就如何最好地管理库的依赖项征求一些意见。
Let's say I am writing a library (intended to be shared as a NuGet package) which contains some ASP.NET core functionality.假设我正在编写一个包含一些 ASP.NET 核心功能的库(旨在作为 NuGet 包共享)。
In my library's csproj file, I can add a reference to Microsoft.AspNet.Core
and happily use everything I want from it or any of its transitive dependencies.在我的库的 csproj 文件中,我可以添加对
Microsoft.AspNet.Core
的引用,并愉快地使用我想要的一切或它的任何传递依赖项。
An alternative approach would be to explicitly add references for each part of AspNet.Core that I use, as I start using types from those packages.另一种方法是为我使用的 AspNet.Core 的每个部分显式添加引用,因为我开始使用这些包中的类型。 For example, to add a package reference to
Microsoft.AspNetCore.Http.Abstractions
the first time I use HttpContext
.例如,在我第一次使用
HttpContext
时添加对Microsoft.AspNetCore.Http.Abstractions
的包引用。
To me, the latter approach seems like it would be preferable.对我来说,后一种方法似乎更可取。 It provides a more clear description of the actual dependencies of my package, and is not susceptible to breaking in the same way as referencing
Microsoft.AspNet.Core
may be when updating to a version which may remove Microsoft.AspNetCore.Http.Abstractions
from its transitive dependency graph.它提供了对我的包的实际依赖关系的更清晰的描述,并且不容易像引用
Microsoft.AspNet.Core
那样在更新到可能从其删除Microsoft.AspNetCore.Http.Abstractions
的版本时发生传递依赖图。
If the general consensus is indeed the latter approach described above, is there any way to enforce this behaviour?如果普遍共识确实是上述后一种方法,是否有任何方法可以强制执行此行为? For example, by failing a build if a project references types in a transitive dependency?
例如,如果项目引用传递依赖中的类型,则构建失败?
Really interested to hear everyone's thoughts on this!真的很想听听大家对此的看法!
I'm an experienced C# developer and maintainer of several NuGet packages.我是几个 NuGet 包的经验丰富的 C# 开发人员和维护人员。 Though those packages don't actually have any dependencies.
尽管这些包实际上没有任何依赖关系。
I agree that the latter approach of only referencing the exact packages used is preferable.我同意后一种仅引用所使用的确切包的方法更可取。 This has several advantages:
这有几个优点:
I recently had to file a bug due to the third situation.由于第三种情况,我最近不得不 提交一个错误。 The xUnit library provides their assertions in two different packages
xunit.assert
and xunit.assert.source
. xUnit库在两个不同的包
xunit.assert
和xunit.assert.source
中提供它们的断言。 The second enables you to extend the assertion class with custom assertions.第二个使您能够使用自定义断言扩展断言类。 I was using the
xunit.categories
package and it references xunit
which references several packages including xunit.assert
.我正在使用
xunit.categories
包,它引用了xunit
,它引用了几个包,包括xunit.assert
。 So when I tried to switch to using xunit.assert.source
I got a conflict because they contain the same classes.因此,当我尝试切换到使用
xunit.assert.source
时,我遇到了冲突,因为它们包含相同的类。 However, xunit.categories
doesn't even use the assertion portion of xUnit.然而,
xunit.categories
甚至不使用 xUnit 的断言部分。 It should only reference xunit.core
.它应该只引用
xunit.core
。
I think I prefer explicitly referencing packages.我想我更喜欢明确引用包。 However, I can understand the answer may be subjective.
但是,我可以理解答案可能是主观的。
In any case, there is a tool that helps you find transitive package references :无论如何,有一个工具可以帮助您找到可传递的包引用:
https://github.com/spectresystems/snitch https://github.com/spectresystems/snitch
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.