this post was submitted on 18 Jul 2023

C Sharp


A community about the C# programming language


How do you all go about validating that there's nothing malicious in your nuget packages?

Is there a best practice for this?

It's easy if the package is from a known source like Microsoft, but I'm curious what you do for lesser known people?

I will usually see how many others are using it, probably scan the code in the GitHub repo. Sometimes if it's a lesser known dev I'll just pull from GitHub rather than using NuGet.

Today, however, I was looking at a package and the NuGet package itself looks fine, but it contains some C++ code that is compiled elsewhere... fine, I'll go get that and see. But that code requires CMake and some other 3rd party add-ons which I also have to review.

I'm not aware of any audits on NuGet that would prevent bad people from uploading code. What do you all do to protect the integrity of your software?
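Added example, not part of the post above and not a NuGet or Microsoft tool: a Python script that does the static part of the check the question describes. A `.nupkg` is a zip file, so before installing anything you can list what inside it can run or be loaded on your machine (native libraries, MSBuild `.targets`/`.props` files that are imported into your own build, PowerShell scripts) and confirm the downloaded file matches the base64 SHA-512 `contentHash` that `packages.lock.json` records for it. The sample package, its file names, the dependency `Example.Dep` and the magic-byte stubs are all constructed for the example.

```python
"""Static pre-install audit of a NuGet package (.nupkg is a zip archive).

Constructed example: builds a sample package in memory, lists everything in it
that can execute or be loaded on the consumer's machine, and checks the file
hash against the base64 SHA-512 that packages.lock.json stores as contentHash.
"""
import base64
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

# Leading bytes of executable images a package might carry.
BINARY_MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"\xcf\xfa\xed\xfe": "macho"}
SCRIPT_EXT = (".ps1", ".psm1", ".bat", ".cmd", ".sh")
MSBUILD_EXT = (".targets", ".props")  # imported into the consuming project's build


def content_hash(nupkg: bytes) -> str:
    """Base64 SHA-512 of the whole .nupkg: the value NuGet records as
    'contentHash' in packages.lock.json and in the .nupkg.sha512 sidecar file."""
    return base64.b64encode(hashlib.sha512(nupkg).digest()).decode()


def hash_matches_lock(nupkg: bytes, lock_content_hash: str) -> bool:
    """True when the downloaded bytes are the ones the lock file was generated from."""
    return content_hash(nupkg) == lock_content_hash


def _local(tag: str) -> str:
    """Strip the XML namespace; .nuspec files use several schema versions."""
    return tag.rsplit("}", 1)[-1]


def audit_nupkg(nupkg: bytes) -> dict:
    """Inventory the package: metadata, declared dependencies, and every file
    that is a binary image, a script, or MSBuild logic."""
    report = {"id": None, "version": None, "dependencies": [],
              "binaries": [], "scripts": [], "msbuild": []}
    with zipfile.ZipFile(io.BytesIO(nupkg)) as z:
        for name in z.namelist():
            if name.endswith("/"):
                continue
            low = name.lower()
            if low.endswith(".nuspec") and "/" not in name:
                root = ET.fromstring(z.read(name))
                for el in root.iter():
                    tag = _local(el.tag)
                    if tag == "id" and report["id"] is None:
                        report["id"] = el.text
                    elif tag == "version" and report["version"] is None:
                        report["version"] = el.text
                    elif tag == "dependency":
                        report["dependencies"].append((el.get("id"), el.get("version")))
                continue
            if low.endswith(SCRIPT_EXT):
                report["scripts"].append(name)
            elif low.endswith(MSBUILD_EXT):
                report["msbuild"].append(name)
            with z.open(name) as f:
                head = f.read(4)
            for magic, kind in BINARY_MAGIC.items():
                if head.startswith(magic):
                    # Record the top-level folder: lib/ and ref/ are where managed
                    # assemblies belong; runtimes/ and anything else deserve a look.
                    report["binaries"].append((name, kind, name.split("/", 1)[0]))
                    break
    return report


def review_items(report: dict) -> list:
    """What a human should read or decide on before trusting the package.
    A PE file under lib/ or ref/ is treated as a normal managed assembly here;
    a mixed-mode DLL would still need a closer look than this heuristic gives."""
    items = []
    for path, kind, folder in report["binaries"]:
        if kind != "pe" or folder not in ("lib", "ref"):
            items.append(f"native/unmanaged binary {path} ({kind}): no source in the package, treat as opaque")
    for path in report["msbuild"]:
        items.append(f"{path} is imported into your project and can run Exec tasks at restore/build time")
    for path in report["scripts"]:
        items.append(f"script {path} is shipped in the package")
    for dep, ver in report["dependencies"]:
        items.append(f"transitive dependency {dep} {ver} needs the same review")
    return items


def build_sample_nupkg() -> bytes:
    """Constructed sample package: a managed DLL, a native Linux library, an
    MSBuild targets file and a PowerShell script. File contents are stand-ins."""
    nuspec = (
        '<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">'
        "<metadata><id>Example.Native</id><version>1.2.3</version>"
        "<authors>example</authors><description>constructed sample</description>"
        '<dependencies><group targetFramework="net6.0">'
        '<dependency id="Example.Dep" version="2.0.0" /></group></dependencies>'
        "</metadata></package>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Example.Native.nuspec", nuspec)
        z.writestr("lib/net6.0/Example.Native.dll", b"MZ" + b"\0" * 62)
        z.writestr("runtimes/linux-x64/native/libexample.so", b"\x7fELF" + b"\0" * 60)
        z.writestr("build/Example.Native.targets",
                   '<Project><Target Name="Post" AfterTargets="Build">'
                   '<Exec Command="echo hi" /></Target></Project>')
        z.writestr("tools/init.ps1", "Write-Host 'constructed sample script'")
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_sample_nupkg()
    print("contentHash:", content_hash(pkg))
    for item in review_items(audit_nupkg(pkg)):
        print("-", item)
```

The script only inventories; it does not decide anything for you, and it cannot see what a native library or a `.targets` file actually does. It complements, rather than replaces, the SDK's own checks: `dotnet nuget verify <package.nupkg>` validates author and repository signatures, and restoring with `packages.lock.json` in locked mode makes the hash comparison above happen on every restore. For the native C++ case in the question, the honest answer is that a binary in `runtimes/` has no source in the package, so reproducing it from the upstream repository (and its CMake inputs) is the only way to know it matches.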
