.NET

Nuget (Alpha)

FOSSA supports .NET projects that use Nuget.

We look for and analyze the following files for license and dependency information

  • .csproj/.xproj
  • packages.config
  • project.json
  • .nuspec

FOSSA will find any package available on www.nuget.org/packages

We currently use the NuGet API v3 to fetch metadata and package information

License files

If a license file is given as a URL (in a .nuspec file via the licenseUrl property) FOSSA will attempt to go out and retrieve the license file and add to the project root. These will be labeled as LICENSE_<license-name>.txt when viewing license matches inside FOSSA

Dependency Resolution

If an exact version is not given (i.e. a version range), FOSSA will resolve a dependency to the highest patch version (using the major.minor.patch.build convention)

Documentation on versioning: Version range spec

Limitations

  • We do not currently support project.lock.json files
  • We do not currently support files, references, or frameworkAssemblies in the .nuspec file
  • FOSSA does not currently support private nuget feeds. We default to https://api.nuget.org/v3/index.json
  • We only support utf8 encoding for .nuspec files.
  • We don't look at Frameworks in the project.json/packages.config file
  • We don't look at NuGet.config file.