8000 Audit sources info incorrect in relation to `dotnet list package --vulnerable` usage · Issue #14371 · NuGet/Home · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Audit sources info incorrect in relation to dotnet list package --vulnerable usage #14371
New issue
New issue
Open
Open
Audit sources info incorrect in relation to dotnet list package --vulnerable usage#14371
Assignees
Nigusu-Allehu
Labels
Functionality:ListPackagedotnet.exe list packagePriority:1High priority issues that must be resolved in the current sprint.Product:dotnet.exeType:Docs
@Frulfump

Description

@Frulfump
Frulfump
opened on Jun 18, 2025

Docs Page URL

https://learn.microsoft.com/en-gb/nuget/concepts/auditing-packages

Description of the Issue

Audit sources are not used by dotnet list package --vulnerable at this time.
https://learn.microsoft.com/en-gb/nuget/concepts/auditing-packages#audit-sources

But this was added in NuGet 6.14 according to the release notes https://learn.microsoft.com/en-us/nuget/release-notes/nuget-6.14

dotnet list package --vulnerable should support auditSources - #13767

And is included in the 9.0.300 SDK as per the same page

(the wording of should is a bit funny, but it stems from the issue title) the PR that implemented it is here NuGet/NuGet.Client#6237

Suggested Fix

Include some info about it being available in 9.0.300+ SDKs

Additional Context

N/A

Metadata

Metadata

Assignees

Labels

Functionality:ListPackagedotnet.exe list packagePriority:1High priority issues that must be resolved in the current sprint.Product:dotnet.exeType:Docs

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0