Package naming conflicts

Topics: General
Jan 24, 2014 at 2:39 AM
I currently rely on two NuGet feeds: the official one from for public packages and a folder on our file server for internal packages.

This has worked pretty well, but I also suspect that we have a big problem in the wings. Since NuGet resolves dependencies based on package name and version number, we are at risk of a package conflict. If someone were to happen to publish a package on with the same name as one of our internal packages, then we could end up pulling in the completely wrong package.

I've been trying to think of ways to work around this and I have two ideas, but I'm hoping someone can suggest a better way.

Option one would be to mirror the packages we use from the public feed into our private feed. While this is doable, this seems like a lot of extra work.

Alternatively, I could publish a placeholder package via the feed to reserve the package name. While this seems like it would work, it also seems kind of ugly.

Does anyone have a suggestion of another way?

Jan 29, 2014 at 8:30 PM
Do you have control over how you name your internal packages? I'd say the easiest way to avoid this would be to namespace your own packages, e.g. MyOrganization.MyPackage. Assuming your organization name is reasonably unique, you probably wouldn't run into conflicts.

For what it's worth, we also use our local NuGet repository as a mirror, and it's really not that much work. It just requires a one-time push up to the repo when someone brings in a new package dependency. Our build servers only look at our local repo (and not, so we find out pretty quickly if we forget to mirror the package.
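
As an added example (not part of the thread or any poster's code), the three mitigations discussed above can be checked before a build with a short audit script. The feed path, source keys and package names are constructed samples, and the mirror is assumed to hold files named `Id.Version.nupkg`.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs; the paths, keys and package names are hypothetical.
NUGET_CONFIG = r"""<configuration>
  <packageSources>
    <add key="internal" value="\\fileserver\nuget" />
    <add key="public" value="https://example.invalid/public-feed" />
  </packageSources>
</configuration>"""

PACKAGES_CONFIG = """<packages>
  <package id="MyOrganization.MyPackage" version="1.2.0" />
  <package id="Some.Public.Lib" version="4.5.1" />
</packages>"""

MIRROR_FILES = ["MyOrganization.MyPackage.1.2.0.nupkg"]

def audit_sources(config_xml, allowed_keys):
    """Flag any feed besides the internal one that a build could resolve from."""
    sources = ET.fromstring(config_xml).find("packageSources")
    findings = []
    # Without <clear />, sources from machine- or user-level configs are merged in.
    if sources is None or sources.find("clear") is None:
        findings.append("no <clear />: sources from other config files still apply")
    for add in (sources.findall("add") if sources is not None else []):
        if add.get("key") not in allowed_keys:
            findings.append(f"extra source: {add.get('key')}")
    return findings

def missing_from_mirror(packages_xml, mirror_files):
    """List (id, version) pairs in packages.config that nobody pushed to the mirror."""
    have = {name.lower() for name in mirror_files}  # package IDs are case-insensitive
    missing = []
    for pkg in ET.fromstring(packages_xml).findall("package"):
        fname = f"{pkg.get('id')}.{pkg.get('version')}.nupkg".lower()
        if fname not in have:
            missing.append((pkg.get("id"), pkg.get("version")))
    return missing

def lacks_prefix(internal_ids, prefix):
    """Internal package IDs that do not sit under the organization's namespace."""
    want = prefix.lower() + "."
    return [i for i in internal_ids if not i.lower().startswith(want)]

if __name__ == "__main__":
    print(audit_sources(NUGET_CONFIG, {"internal"}))
    print(missing_from_mirror(PACKAGES_CONFIG, MIRROR_FILES))
    print(lacks_prefix(["MyOrganization.MyPackage", "Utils"], "MyOrganization"))
```

Any finding from `audit_sources` means a same-named package on another feed could still be resolved in place of the internal one.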