Apr 27, 2012 at 10:16 PM
Edited Apr 27, 2012 at 10:35 PM
I'm using NuGet pack to create a package from a Project. Suppose my project A, depends on B and C. Project B also depends on C. Package A will have B listed as a dependency but not C. Suppose some time later a new version of B is released that no longer
depends on C. New users of A won't get C and will break.
Of course, we can't tell from looking at project A's packages.config which packages we have a direct dependency to and which ones are included because they are transitive dependencies.
Maybe this coulde be resolved by adding a flag to each package in packages.config to indicate if it is a transitive dependency. Then if I were to install a package which was already a transitive dependency it would just clear this flag. And If I uninstall
a package we could search all other packages for this package and if found keep the package reference with the transitive flag set.
The Package Visualizer also suffers from this problem, it omits direct links when a transitive dependency exists.
A workaround is to manually include the missing dependencies in a nuspec file.