dotnet-retire
1.0.4
See the version list below for details.
dotnet add package dotnet-retire --version 1.0.4
NuGet\Install-Package dotnet-retire -Version 1.0.4
<PackageReference Include="dotnet-retire" Version="1.0.4" />
paket add dotnet-retire --version 1.0.4
#r "nuget: dotnet-retire, 1.0.4"
// Install dotnet-retire as a Cake Addin #addin nuget:?package=dotnet-retire&version=1.0.4 // Install dotnet-retire as a Cake Tool #tool nuget:?package=dotnet-retire&version=1.0.4
dotnet-retire
A dotnet
CLI extension to check your project for known vulnerabilities.
Install
As the CLI don't currently allows us to install tools from the cmdline, you'll need to modify your csproj manually.
<ItemGroup>
<DotNetCliToolReference Include="dotnet-retire" Version="1.0.1" />
</ItemGroup>
Or if your project is still using the preview2 tooling, modify your project.json
"tools": {
"dotnet-retire": "1.0.1"
}
Usage
$ dotnet retire
Sample output:
How does it work?
It fetches the packages listed in the corresponding packages
repo in this GitHub organization (link), and checks your projects obj\project.assets.json
or project.lock.json
file for any match (direct, or transient).
Keeping the list of packages up to date will be done via updating that repo when announcements occur from Microsoft with additional json files with links to announcements from Microsofts security team.
Other projects with similar functionality:
SafeNuGet
Runs as part of the build (MSBuild target). Analyzes packages.config, does not handle transient dependencies.
DevAudit
Standalone .NET console app that analyzes a packages.config. Analyzes packages.config, does not handle transient dependencies.
Learn more about Target Frameworks and .NET Standard.
-
.NETCoreApp 1.0
- Microsoft.Extensions.Configuration (>= 1.1.2)
- Microsoft.Extensions.Configuration.Binder (>= 1.1.2)
- Microsoft.Extensions.Configuration.Json (>= 1.1.2)
- Microsoft.Extensions.DependencyInjection (>= 1.1.0)
- Microsoft.Extensions.Logging (>= 1.1.2)
- Microsoft.Extensions.Logging.Console (>= 1.1.2)
- Microsoft.Extensions.Options (>= 1.1.2)
- Microsoft.NETCore.App (>= 1.0.5)
- Newtonsoft.Json (>= 10.0.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
5.0.0 | 34,317 | 11/26/2020 | |
4.0.1 | 60,593 | 1/31/2020 | |
3.1.0 | 2,375 | 11/2/2019 | |
3.0.0 | 664 | 11/1/2019 | |
2.4.1 | 762 | 10/31/2019 | |
2.4.0 | 671 | 10/31/2019 | |
2.3.3 | 4,138 | 6/13/2019 | |
2.3.2 | 3,457 | 9/11/2018 | |
2.3.1 | 1,007 | 9/8/2018 | |
2.1.1 | 992 | 8/22/2018 | |
2.1.0 | 1,484 | 8/18/2018 | |
2.0.0 | 973 | 8/18/2018 | |
1.0.4 | 30,960 | 6/8/2017 | |
1.0.3 | 1,239 | 6/8/2017 | |
1.0.3-beta007 | 855 | 5/31/2017 | |
1.0.2 | 29,200 | 5/19/2017 | |
1.0.1 | 4,033 | 5/16/2017 | |
1.0.0 | 11,382 | 5/15/2017 | |
1.0.0-beta002 | 897 | 5/15/2017 | |
1.0.0-beta001 | 894 | 5/15/2017 |
* Remove reporting on transient vulnerabilities.
* Bugfix: Change to in-mem appSettings, as dotnet tools don't have access to NuGet content folder the same way as regular NuGets when they're run (path issues).