Open omajid opened 5 months ago
cc @javiercn @mthalman @MichaelSimons @tmds
Thanks for filing this - we'll look into having a good long-term solution for this after our current security wave ends, likely for .NET 10.
@javiercn @wtgodbe we'd like to understand better where the pre-built JavaScript that source-build uses ends up. Does it become part of the distro packages, or is it part of Microsoft nuget.org packages? What types of .NET projects use it? If it is part of nuget.org packages, does the SDK assume specific versions for these packages?
Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
For ASP.NET Core in a source-build context, there are two goals that are generally in tension with each other:
Describe the solution you'd like
Perhaps we can reduce the pain in the second point by focusing on things that are really needed in a VMR/source-build context?
For example, in a VMR/source-build context, we don't need to:
@microsoft/signalr
) for publishing to npmjs.orgIs there a list of packages/projects that are strictly required for creating the .NET SDK in a source-build context? Can we trim down the ASP.NET Core dependency tree (and build system) to focus on just those packages, to make it easier to source-build all of ASP.NET Core?
Additional context
No response