NuGet/Home

Sort packages.lock.json by name to reduce diff churn

Open

#14,115 created on February 19, 2025

Labels: Area:RestoreRepeatableBuild, Breaking-Change, Functionality:Restore, Priority:3, Type:DCR, help wanted

Description

NuGet Product(s) Involved

NuGet.exe

The Elevator Pitch

Current packages.lock.json files are generated in a way that makes diffing them non-user-friendly. When moving to central package management (CPM), there is the addition of the CentralTransitive type, and these packages are generated at the bottom of the lock file after all the Transitive packages.

For instance, when comparing two lock files, one before adding CPM and one after adding CPM, if I were to try and compare the packages.lock.json files, I would see a diff like this:

[Two images: screenshots of the lock file diff]

Note the change from Transitive to CentralTransitive after the move to CPM. Despite there being no difference in package version here, diffing the two files shows an initially large-seeming change, when really the text was just moved to the bottom.

Particularly after enabling transitive pinning, diffing two lock files can be a powerful tool in validating any changes to transitive dependency versions. However, due to the way the files are generated, the diff is not as useful as it could be. The offending source code is here: LockFileFormat.cs, where CentralTransitive packages are written to the lock file last.

TLDR: Is it possible to sort the packages by name when generating the lock file to reduce diff churn?

Thanks for taking the time to hear me out!

Additional Context and Details

Repro steps:

  • Beginning with a solution that does not currently use CPM (e.g. no Directory.Packages.props), add the RestorePackagesWithLockFile MSBuild property to a .csproj or Directory.Build.props to generate the lock file for each project. Save these somewhere outside of the project.
  • Then, use dotnet upgrade assistant (VS extension or CLI) to make the projects use central package management. Run a dotnet restore and then diff the new packages.lock.json files with the ones from the previous step (pre-CPM). You should see that some packages are now at the bottom, since they have been given the type CentralTransitive.
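
Until the lock file is written in sorted order, the comparison described in this issue can be done on the parsed JSON instead of the text. The following is an added example, not code from the issue or from NuGet: it diffs two packages.lock.json documents independent of entry order and reports a Transitive to CentralTransitive move separately from a real version or hash change. The sample data, placeholder hashes and function names are constructed for illustration.

```python
import json

# Constructed samples (versions and hashes are placeholders, not from the issue).
# AFTER mimics a post-CPM file: one package became CentralTransitive and was
# written last, and one transitive version really changed.
BEFORE = {"version": 1, "dependencies": {"net8.0": {
    "Microsoft.Extensions.Logging.Abstractions":
        {"type": "Transitive", "resolved": "8.0.0", "contentHash": "HASH-A"},
    "Serilog": {"type": "Direct", "resolved": "3.1.1", "contentHash": "HASH-B"},
    "System.Text.Json":
        {"type": "Transitive", "resolved": "8.0.0", "contentHash": "HASH-C"},
}}}
AFTER = {"version": 2, "dependencies": {"net8.0": {
    "Serilog": {"type": "Direct", "resolved": "3.1.1", "contentHash": "HASH-B"},
    "System.Text.Json":
        {"type": "Transitive", "resolved": "8.0.5", "contentHash": "HASH-D"},
    "Microsoft.Extensions.Logging.Abstractions":
        {"type": "CentralTransitive", "resolved": "8.0.0", "contentHash": "HASH-A"},
}}}

def load(path):
    """Read a packages.lock.json file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def flatten(lock):
    """Map (framework, lowercased package id) -> (type, resolved, contentHash)."""
    out = {}
    for tfm, pkgs in lock.get("dependencies", {}).items():
        for name, e in pkgs.items():  # package ids are case-insensitive
            out[(tfm, name.lower())] = (
                e.get("type"), e.get("resolved"), e.get("contentHash"))
    return out

def semantic_diff(before, after):
    """Order-independent diff; a type-only change is reported separately."""
    old, new = flatten(before), flatten(after)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        o, n = old.get(key), new.get(key)
        if o is None:
            changes.append((*key, "added", n[1]))
        elif n is None:
            changes.append((*key, "removed", o[1]))
        elif o[1:] != n[1:]:  # resolved version or content hash differs
            changes.append((*key, "changed", f"{o[1]} -> {n[1]}"))
        elif o[0] != n[0]:    # same bits, only the dependency type moved
            changes.append((*key, "retyped", f"{o[0]} -> {n[0]}"))
    return changes
```

For real files, pass `load("old/packages.lock.json")` and `load("new/packages.lock.json")` to `semantic_diff`; only the "changed", "added" and "removed" rows need review as dependency changes.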
