License and Security concerns with how Tools and Analyzers are packaged #12941
Labels
Functionality:Pack
Functionality:Restore
Priority:3
Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.
Style:PackageReference
Type:Feature
NuGet Product(s) Affected
NuGet.exe, NuGet SDK
Current Behavior
As I understand it right now:
As a package developer, in order to use an assembly in a package, I need to copy the dll of the package assembly into the analyzers folder or the tools folder.
See evidence here -- the cookbook suggests that you package up Newtonsoft.Json in the same folder as the assembly that uses it:
https://github.com/dotnet/roslyn/blob/main/docs/features/source-generators.cookbook.md#use-functionality-from-nuget-packages
Besides the evidence I can also attest to my own anecdotal experience from packaging libraries.
Desired Behavior
As a package developer, I should be able to map the usage of the Dependency assets to my own library.
For example, if I need to use Newtonsoft.Json -> Compile Assets in MyPackage -> Analyzers folder, there should be a way to list that as a dependency, not as a packaged dll.
Just spitballing here, but an idea could be something like
Bonus benefits
Additional Context
The reason why it's important for me is multiple:
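An added example, not part of the original issue or of NuGet's own tooling: a small audit that lists DLLs a package bundles under `analyzers/` or `tools/` without declaring them in its nuspec, which is the situation described under Current Behavior. The sample package is constructed in memory, and matching an assembly to a package by file name is an assumption made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

BUNDLE_DIRS = ("analyzers", "tools")  # folders the issue says dependency DLLs are copied into


def _local(el):
    # The nuspec XML namespace varies by schema version, so compare local names only.
    return el.tag.rsplit("}", 1)[-1]


def audit_nupkg(data: bytes) -> dict:
    """List DLLs under analyzers/ or tools/ that the nuspec does not declare."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        nuspec = next(n for n in names if "/" not in n and n.lower().endswith(".nuspec"))
        root = ET.fromstring(z.read(nuspec))
    pkg_id = next(el.text for el in root.iter() if _local(el) == "id")
    declared = {el.attrib["id"].lower() for el in root.iter() if _local(el) == "dependency"}
    known = declared | {pkg_id.lower()}
    bundled = []
    for n in names:
        p = PurePosixPath(n)
        # Assumption: an assembly file is named after the package that ships it.
        if p.suffix.lower() == ".dll" and p.parts[0].lower() in BUNDLE_DIRS \
                and p.stem.lower() not in known:
            bundled.append(n)
    return {"id": pkg_id, "declared": sorted(declared), "undeclared_bundled": sorted(bundled)}


def build_sample_nupkg(deps_xml: str = "") -> bytes:
    """Constructed sample: MyPackage ships Newtonsoft.Json.dll beside its own assembly."""
    nuspec = f"""<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata><id>MyPackage</id><version>1.0.0</version>
    <dependencies>{deps_xml}</dependencies></metadata>
</package>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("MyPackage.nuspec", nuspec)
        z.writestr("analyzers/dotnet/cs/MyPackage.dll", b"constructed placeholder")
        z.writestr("analyzers/dotnet/cs/Newtonsoft.Json.dll", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_nupkg(build_sample_nupkg()))
```

A bundled assembly reported here is invisible to anything that reads only the declared dependency list, such as license or vulnerability scanners working from the package graph.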