A Visual Studio extension that checks and notifies about available updates for the installed NuGet packages in the current solution.
- Checks for updates, deprecations and vulnerabilities when a solution is opened
- Shows an info bar with the number of available updates, deprecations and vulnerabilities
- Shows an info bar with vulnerabilities found in transient packages
- Provides a package management tool window that gives an instant overview over all packages, with a lean and fast package update functionality
- Works with .NET Framework projects and with .NET projects using
PackageReferenceitems
- Visual Studio 2022
After a solution is loaded, available updates and possible issues are shown in the Solution Explorer
Dependent on the size of the solution it may take some time until the info bars appear.
The package manager can be opened via the entry in the Tools menu.
The package manager shows all installed packages of the current solution. Updating a single package is just one click, multiple packages can be updated via the tool bar button after selecting the packages.
Compared to the original NuGet Package Manager updating packages is very fast, because the package version is instantly updated without validation against other packages - however version conflicts may show up only at the next build and have to be resolved manually.
Shared package references, e.g. in the Directory.Build.props file, are handled gracefully, and will not be replaced by Update entries in every project.
CentralPackageManagement (PackageVersion entries) are supported as well.
A justification property can be added to PackageReference or PackageVersion entries, to e.g. document why a reference is pinned and can't be updated
<PackageReference Include="Newtonsoft.Json" Version="[13.0.1]" Justification="Can't update due to Visual Studio extension limitations">A mitigation element can be added to suppress warnings for transitive dependencies that can't be updated due to project limitations but have been evaluated to not affect the product security.
<PackageMitigation Include="Newtonsoft.Json" Version="13.0.1" Justification="Can't update due to Visual Studio extension limitations">This view allows to investigate how transitive dependencies are introduced into the projects.
It lists all transitive dependencies per project, and shows their ancestor tree, where the terminal bold entry is the package reference used in the project.
The context menu for every entry offers to copy ready made XML snippets for PackageReference, PackageVersion or PackageMitigation that can be directly inserted into the project file to fix transitive dependencies.
A big thanks goes to AnushaG2201!
I was playing with the idea for this extension for quite a while but never figured out how I would create this extension.
That is until I saw the Nuget-updates-notifier (GitHub) which gave me the remaining puzzle pieces, so that I could create my own version.
A big thanks goes to tom-englert!
A massive improvement PR really improved the quality of this extension.
NuGet Client SDK / NuGet.Protocol
Visual Studio Extensibility Cookbook - Notifications