This workshop will be retired on May 1, 2025.
Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
Here are a few more things to consider when working with dependencies.
How to Create Your Own Packages
Make Your Own Package Repo with MyGet
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
At the beginning of this workshop,
0:00
I mentioned that NuGet is the main package
management system for all things .NET.
0:01
While looking through
the NuGet package gallery,
0:05
you may have noticed many packages
that don't contain .NET assemblies.
0:09
Bootstrap, for example is a collection
of CSS, JavaScript, and font files.
0:13
The jQuery package only
contains JavaScript files.
0:17
There are no .NET assemblies
in either of these packages.
0:21
I also mentioned that there are usually
separate package management systems for
0:24
each programming language or
popular framework.
0:28
NPM and Bower are the main
package management systems for
0:31
JavaScript libraries.
0:34
And Bower is quickly being
replaced by NPN entirely.
0:36
So you may be wondering why these packages
are found in both package management
0:39
systems and NuGet.
0:42
Main reason they can be found in
NuGet is because these packages
0:44
are often used in web applications.
0:47
And Visual Studio is used a lot for
web development.
0:50
You may have noticed that both Bootstrap
and jQuery are installed as NuGet packages
0:53
when creating an asp.NET MVC
project in Visual Studio.
0:57
Each package management system has
a different way to create packages.
1:02
Package maintainers have to
create separate packages for
1:05
each package system that they want
to use to distribute their library.
1:09
Often times the original
maintainer of the library will
1:13
only upload the package to say NPM for
example.
1:16
Then later another developer
will on their own accord,
1:19
repackage the package for another
package management system like NuGet.
1:23
They weren't created by the original
maintainer of the library and
1:28
may already be out of date by
the time they make it into NuGet.
1:31
Also, the library may have been
altered during repackaging, so
1:35
we might not be getting what
we think we're getting.
1:39
I'm often very wary of packages that don't
come from the original maintainer of
1:42
the library.
1:45
So, I prefer to use the primary
package management system for
1:47
the libraries I need.
1:50
For .NET libraries,
this is almost always NuGet.
1:51
But for other libraries,
it's often a different system.
1:54
It would be nice to be able to
use a single package manager for
1:58
all the dependencies of a project,
but it's also not that much
2:01
of a hassle to use multiple package
management systems for one project.
2:04
In fact, future versions of Visual Studio
will come with even better support for
2:08
using multiple package
management systems side by side.
2:13
NuGet is primarily used to
get code libraries, but
2:16
we've seen that new get packages can
contain more than just .NET assemblies.
2:19
They can also contain tools that can
be run from the command line and
2:24
content files that can
be added to the project.
2:27
I suspect that in the future,
NuGet will be used for
2:30
fetching all sorts of things the developer
might need in Visual Studio.
2:33
For example in the Solution Explorer under
References, we see the word Analyzers.
2:37
This is where any static code
analyzers that are installed for
2:42
the project are listed.
2:46
You can see a list of some
of the analyzers available
2:47
by typing the word analyzer
in NuGet's search field.
2:50
Static code analysis is a topic for
another day though.
2:54
Even with NuGet's ease of use,
2:58
many libraries still don't get
uploaded to the main NuGet repository.
3:00
Just because there isn't
a library in NuGet for
3:05
what you want to do,
doesn't mean it isn't out there.
3:07
In that case,
your best bet is to search the web.
3:10
You may need to download the source
code directly from a website or
3:14
an open source code repository like
GitHub, SourceForge or CodePlex.
3:17
In many cases when
downloading Source Code,
3:23
we still need to compile it
into a .NET assembly ourselves.
3:25
If we're lucky we might be able to
download the precompiled library, but
3:29
what if that library depends on another
library that's provided by someone else?
3:33
Are we sure that we know which
version of the other library we need?
3:38
After tracking down dependencies
this way once or twice,
3:42
it's pretty easy to see how a package
management system is a real time saver.
3:45
I should mention that
package management systems
3:51
often only provide access
to free libraries.
3:54
Libraries that you have to purchase,
called commercial libraries,
3:57
are typically downloadable from
the company's website directly.
4:00
In that case, just cross your fingers that
they make it as painless as possible.
4:04
You always take on some amount
of risk when using code
4:09
written by someone else that isn't
accountable to you or your organization.
4:12
When using third party software and
4:16
libraries, it's your responsibility
to manage this risk.
4:18
The library may have bugs, security holes,
or in some rare cases be malicious.
4:23
Libraries directly from very well
established companies such as Microsoft
4:28
are generally a safe bet.
4:32
However anyone can upload libraries
to package repositories and
4:34
to the web in general.
4:38
If you're not sure
the library is safe to use
4:40
look to see if you can get copies of the
test for the code and run them yourself,
4:43
you can also write your own test.
4:46
if you don't think it's worth the risk
then don't use the library or
4:50
code in your project.
4:53
If you work at an organization,
be sure you know their policy for
4:54
using software libraries and
code from third parties.
4:58
And once again pay attention to
in a bite by software licenses.
5:02
Well that's about all there is to know
about consuming packages with NuGet.
5:06
We haven't even talked about how
to make our own NuGet packages or
5:11
how to set up our own NuGet
package repositories.
5:14
I've included some links in the teacher's
notes if you're curious about
5:17
those aspects.
5:20
NuGet has saved .NET developers
countless hours downloading,
5:22
installing, and updating dependencies.
5:26
I'm sure you'll find that it's
an invaluable tool in your tool set.
5:29
Until next time, I hope you enjoy
the sweet goodness of NuGet.
5:33
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up