Microsoft.Sbom.Targets.csproj should set <DevelopmentDependency>true</DevelopmentDependency> so that, when dotnet add package adds the Microsoft.Sbom.Targets package to a project, the PackageReference item gets this kind of metadata by default:
DevelopmentDependency does not matter if the PackageReference is automatically added by .NET SDK as in https://github.com/dotnet/sdk/pull/43151, because dotnet add package is not used in this case; but it can be useful if the package is used with an older SDK that does not do so, or perhaps if the developer wants to use a specific version of Microsoft.Sbom.Targets instead of the SDK default.
Microsoft.Sbom.Targets.csproj
should set<DevelopmentDependency>true</DevelopmentDependency>
so that, whendotnet add package
adds the Microsoft.Sbom.Targets package to a project, the PackageReference item gets this kind of metadata by default:Then, any NuGet package built from that project will not declare a dependency on Microsoft.Sbom.Targets. The DevelopmentDependency setting is documented in https://learn.microsoft.com/nuget/reference/msbuild-targets#pack-target and https://github.com/NuGet/Home/wiki/DevelopmentDependency-support-for-PackageReference.
DevelopmentDependency does not matter if the PackageReference is automatically added by .NET SDK as in https://github.com/dotnet/sdk/pull/43151, because
dotnet add package
is not used in this case; but it can be useful if the package is used with an older SDK that does not do so, or perhaps if the developer wants to use a specific version of Microsoft.Sbom.Targets instead of the SDK default._Originally posted by @KalleOlaviNiemitalo in https://github.com/microsoft/sbom-tool/pull/674#discussion_r1751708750 and then https://github.com/microsoft/sbom-tool/issues/693#issuecomment-2340388481_