dotnet list package should show RID specific packages #13978
Labels
Area:NuGetAudit
Functionality:ListPackage
dotnet.exe list package
Priority:3
Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.
Type:DCR
Design Change Request
Comments
zivkan
added
Priority:3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NuGet Product(s) Affected
dotnet.exe
Current Behavior
dotnet list package --vulnerable --include-transitivedoes not list some packages that NuGetAudit (restore) does. This is because audit will check all RID graphs, butdotnet list packageonly checks the no-RID graphs.Desired Behavior
Any package that NuGetAudit reports as vulnerable during restore should also be discoverable with
dotnet list package.However, when a project contains multiple RIDs, and the graphs are the same, it should show 'groups' with the same package list, to avoid long output that is difficult to understand. See
dotnet nuget whyfor an example.Additional Context
list package previously did show packages from all the RIDs (although it didn't tell you that it was a RID-specific graph, or what the RID was), but it was removed because it looked like redundant output:
The text was updated successfully, but these errors were encountered: