Wish I could upvote more than once. Azure artifacts has some fucky authentication requirements (cleartextpassword is the dumbest field I’ve ever heard of - especially since it’s not clear text or a password, it’s a base64ed PAT) but there’s plenty of first party support to make it less painful, and it’s a problem you only have to ‘fix’ once.

Our prior solution was verdaccio for NPM and a shared drive location for Nuget, and….well, it beats the tar out of either of those. Being able to see exactly what’s in the feed, when it got there, who put it there….all grade a stuff. Handling SSO and such seamlessly is nice too, and being able to scope access with tons of granularity….well it seems like a rake waiting to be stepped on, honestly, but if you need to manage access it seems like a big win.

Public feeds - yes. Why reinvent the wheel? Will be easier to find and use if it’s on nuget.org.

If OP’s goal is to be able to source control all the public packages that their projects use, for security or peace of mind purposes (or to make it the sole source of packages to avoid dependency injection/confusion attacks)…there’s actually a feature of Azure Artifacts where you can pull packages from an ‘upstream’ like nuget.org and host public packages in a private feed. It’s got a gui, and it’s pretty convenient as far as such things go.

So glad I Xited right after Musk’s purchase was finalized. My days are freer and my conscience is clear!

My first wifi network post-college was “viruses_and_goat_porn”.

It still didn’t stop free loaders….but in their defense, there were no viruses. 👀🐐

This was my first thought.

I do this for a living and it’s literally built into Linux.

Set their permissions carefully, ensure that the permission set does what you want (and not a bunch of stuff you don’t want), and keep on keeping on.