.NET Zone is brought to you in partnership with:

I’ve been a Windows developer since 3.0 and caught the Visual Basic wave early with v1. I’ve released a “production” application in every version of VB since then (except VB for DOS). Focusing on enterprise, line-of-business development I’ve built Call Center Applications, Mortgage finance systems, Customer Relationship Management tools and more recently I’ve been in the Litigation Support/Electronic Data Discovery/Electronically Stored Information space. Greg is a DZone MVB and is not an employee of DZone and has posted 475 posts at DZone. You can read more from them at their website. View Full User Profile

NuGet Your Enterprise?

05.02.2013
| 3312 views |
  • submit to reddit

simple talk - Taking NuGet to the Enterprise

The NuGet package manager  is a great way for developers to install and update third-party tools. It solves a lot of the problems of dependency management and integration. Is it ready for the exacting requirements of  development in the enterprise?

...

  • NuGet as That Tool
  • A World Without NuGet
  • NuGet… to the rescue?
  • Dependency Management Overview
  • Brief History of NuGet
  • The Enterprise Development Challenge
  • Enterprise Annoyances with NuGet
  • Getting around Nuget annoyances
  • Private NuGet Repository
  • Preparing Packages for the Enterprise
  • Alternative Client Tools
  • Taking NuGet to the Enterprise

Beyond Dependency Management

Several tools – both open source and commercial – have repurposed NuGet components for uses other than dependency management. While these components will obviously share NuGet’s annoyances, the same techniques can be applied to mitigate these annoyances in the enterprise.

One such tool is Chocolatey. It’s described as “somewhat like apt-get, but built with Windows in mind,” and allows users to install programs like Notepad++, Git, and 7Zip with a single command at the Command Prompt. The Chocolatey client accomplishes this by downloading the corresponding .nupkg file from chocolatey.org and executing the install.ps1 contained within.

Obviously, most of NuGet’s dependency management annoyances aren’t applicable with Chocolatey, but Package Verification, Arbitrary PowerShell Script Execution, and Unexpected Licensing are equally – if not more – problematic. But they can all be mitigated with a private NuGet repository and careful package preparation.

Another tool that uses NuGet components is Red Gate’s Deployment Manager. Essentially, it retrieves application components (which have been packaged as NuGet packages) from a private NuGet repository and deploys those components to various servers. But in this case, since the packages come from known sources (i.e. built by the organization), used outside of the context of development, and are already housed in a private repository, none of NuGet’s annoyances have transferred.

All new tools brought in the enterprise need to be carefully adopted, but as these examples show, just because a tool uses NuGet components doesn’t mean that it inherits NuGet’s annoyances. And even if it does (as is the case with Chocolatey), it’s just as easy to mitigate.

At work we had a discussion about just this yesterday, about leveraging NuGet with a private repository, primarily for sharing in-house bin's. But also to re-purpose NuGet too as a "service" repository. I hadn't thought to use a private repository for storing of third-party stuff we've licensed. In hindsight that seems to make a good deal of sense... Interesting... 

Published at DZone with permission of Greg Duncan, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)