Merge main to live #3429

Author: zivkan

docs/TOC.md

@@ -347,6 +347,7 @@
 ### [Known Issues](release-notes/known-issues.md)
 
 ### NuGet 6.x
+#### [NuGet 6.14](release-notes/NuGet-6.14.md)
 #### [NuGet 6.13](release-notes/NuGet-6.13.md)
 #### [NuGet 6.12](release-notes/NuGet-6.12.md)
 #### [NuGet 6.11](release-notes/NuGet-6.11.md)

docs/concepts/Auditing-Packages.md

@@ -4,7 +4,7 @@ description: How to audit package dependencies for security vulnerabilities and
 author: JonDouglas
 ms.author: jodou
 ms.topic: conceptual
-ms.date: 02/11/2025
+ms.date: 05/05/2025
 ---
 
 # Auditing package dependencies for security vulnerabilities
@@ -44,10 +44,14 @@ We recommend that audit is configured at a repository level.
 
 | MSBuild Property | Default | Possible values | Notes |
 |------------------|---------|-----------------|-------|
-| NuGetAuditMode | direct | `direct` and `all` | If you'd like to audit top-level dependencies only, you can set the value to `direct`. NuGetAuditMode is not applicable for packages.config projects.  |
+| NuGetAuditMode | See 1 below | `direct` and `all` | If you'd like to audit top-level dependencies only, you can set the value to `direct`. NuGetAuditMode is not applicable for packages.config projects.  |
 | NuGetAuditLevel | low | `low`, `moderate`, `high`, and `critical` | The minimum severity level to report. If you'd like to see `moderate`, `high`, and `critical` advisories (exclude `low`), set the value to `moderate` |
 | NuGetAudit | true | `true` and `false` | If you wish to not receive security audit reports, you can opt-out of the experience entirely by setting the value to `false` |
 
+1. `NuGetAuditMode` defaults to `all` when a project targets `net10.0` or higher.
+   Otherwise `NuGetAuditMode` defaults to `direct`.
+   When a project multi-targets, if any one target framework selects `all`, then audit will use this value for all target frameworks.
+
 #### Audit Sources
 
 Restore downloads a server's [`VulnerabilityInfo` resource](../api/vulnerability-info.md) to check against the list of packages each project is using.

docs/consume-packages/Central-Package-Management.md

@@ -1,4 +1,4 @@
----
+---
 title: Central Package Management
 description: Manage your dependencies in a central location and how you can get started with central package management.
 author: jondouglas
@@ -18,7 +18,7 @@ Historically, NuGet package dependencies have been managed in one of two locatio
 - `packages.config` - An XML file used in older project types to maintain the list of packages referenced by the project.
 - `<PackageReference />` - An XML element used in MSBuild projects defines NuGet package dependencies.
 
-Starting with [NuGet 6.2](..\release-notes\NuGet-6.2.md), you can centrally manage your dependencies in your projects with the addition of a
+Starting with [NuGet 6.2](../release-notes/NuGet-6.2.md), you can centrally manage your dependencies in your projects with the addition of a
 `Directory.Packages.props` file and an MSBuild property.
 
 The feature is available across all NuGet integrated tooling, starting with the following versions.
@@ -57,7 +57,7 @@ version.
 </Project>
 ```
 
-For each project, you then define a `<PackageReference />` but omit the `Version` attribute since the version will be attained from a corresponding
+For each project, you then define a `<PackageReference />` but omit the `Version` attribute since the version will be obtained from a corresponding
 `<PackageVersion />` item.
 
 ```xml
@@ -81,19 +81,24 @@ simplicity, only one `Directory.Packages.props` file is evaluated for a given pr
 What this means is that if you had multiple `Directory.Packages.props` files in your repository, the file that is closest to your project's directory will
 be evaluated for it. This allows you extra control at various levels of your repository.
 
-Here's an example, consider the following repository structure:
+Consider the following repository structure:
 
 ```
-Repository
- |-- Directory.Packages.props
- |-- Solution1
-     |-- Directory.Packages.props
-     |-- Project1
- |-- Solution2
-     |-- Project2
+📂 (root)
+ ├─📄 Directory.Packages.props
+ |
+ ├─📂Solution1
+ |  ├─ 📄Directory.Packages.props
+ |  |
+ |  └─ 📂 Project1
+ |      └─📄Project1.csproj
+ |
+ └─ 📂 Solution2
+    └─ 📂 Project2
+        └─ 📄 Project2.csproj
 ```
 
-- Project1 will evaluate the `Directory.Packages.props` file in the `Repository\Solution1\` directory and it must manually import the next one if so desired.
+- `Project1.csproj` will load the `Directory.Packages.props` file in the `Repository\Solution1\` directory first and it must manually import any parent ones if desired.
   ```xml
   <Project>
     <Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
@@ -102,14 +107,14 @@ Repository
     </ItemGroup>
   </Project>
   ```
-- Project2 will evaluate the `Directory.Packages.props` file in the `Repository\` directory.
+- `Project2.csproj` will evaluate the `Directory.Packages.props` file in the root directory.
 
-**Note:** MSBuild will not automatically import each `Directory.Packages.props` for you, only the first one closest to the project.  If you have multiple
-`Directory.Packages.props`, you must import the parent one manually while the root `Directory.Packages.props` would not.
+**Note:** MSBuild will not automatically import each `Directory.Packages.props` for you, only the first one found in the project directory or any parent directory.  If you have multiple
+`Directory.Packages.props` files, you must import any files in parent directories manually.
 
 ## Get started
 
-To fully onboard your repository, consider taking these steps:
+To fully onboard your repository, follow these steps:
 
 1. Create a new file at the root of your repository named `Directory.Packages.props` that declares your centrally defined package versions and set
  the MSBuild property `ManagePackageVersionsCentrally` to `true`.
@@ -211,7 +216,7 @@ the feature is disabled.
 
 ## Disabling Central Package Management
 
-If you'd like to disable central package management for any a particular project, you can disable it by setting the MSBuild property
+If you would like to disable central package management for a particular project, you can disable it by setting the MSBuild property
 `ManagePackageVersionsCentrally` to `false`:
 
 ```xml
@@ -251,8 +256,3 @@ this warning, map your package sources with [package source mapping](https://aka
 ```
 There are 3 package sources defined in your configuration. When using central package management, please map your package sources with package source mapping (https://aka.ms/nuget-package-source-mapping) or specify a single package source.
 ```
-
-
-
-> [!Note]
-> Central package management is in active development. We appreciate you trying it out and providing any feedback you may have at [NuGet/Home](https://github.com/nuget/home/issues).

docs/consume-packages/consuming-packages-authenticated-feeds.md

@@ -141,8 +141,7 @@ However, the credential provider for the .NET SDK is not included by Visual Stud
 
 ### List of credential providers
 
-There is a [feature request to make credential providers installable via .NET tools](https://github.com/NuGet/Home/issues/12567), and this will likely make it easier to discover other credential providers.
-Until this is implemented, here is a list of credential providers we are aware of:
+Here is a list of credential providers we are aware of:
 
 * [AWS CodeArtifact NuGet Credential Provider](https://docs.aws.amazon.com/codeartifact/latest/ug/nuget-cli.html#nuget-configure-cli)
 * [Azure Artifacts Credential Provider](https://github.com/microsoft/artifacts-credprovider). This link is just for the command line credential provider.

docs/nuget-org/package-readme-on-nuget-org.md

@@ -27,6 +27,39 @@ Consider including the following items in your readme:
 * Where and how to leave feedback such as link to the project issues, Twitter, bug tracker, or other platform.
 * How to contribute, if applicable.
 
+For example, you can start with this package README template:
+
+```text
+# Package readme title, e.g., display name or title of the package (optional)
+
+Start with a clear and concise description: A brief overview of what your package is and does, also what problem it solves.
+
+## Getting started
+
+Explain how to use your package, provide clear and concise getting started instructions, including any necessary steps.
+
+### Prerequisites
+
+What are specific minimum requirements to use your packages? Consider excluding this section if your package works without any additional setup beyond simple package installation.
+
+## Usage
+
+Examples about how to use your package by providing code snippets/example images, or samples links on GitHub if applicable. 
+
+- Provide sample code using code snippets
+- Include screenshots, diagrams, or other visual help users better understand how to use your package
+
+## Additional documentation
+
+Provide links to more resources: List links such as detailed documentation, tutorial videos, blog posts, or any other relevant documentation to help users get the most out of your package.
+
+## Feedback
+
+Where and how users can leave feedback?
+
+- Links to a GitHub repository where could open issues, Twitter, a Discord channel, bug tracker, or other platforms where a package consumer can connect with the package author.
+```
+
 Keep in mind, high quality readmes can come in a wide variety of formats, shapes, and sizes! If you already have a package available on NuGet.org, chances are that you already have a `readme.md` or other documentation file in your repository that would be a great addition to your NuGet.org details page.
 
 > [!Note]

docs/reference/errors-and-warnings/NU1008.md

@@ -11,51 +11,49 @@ f1_keywords:
 
 # NuGet Error NU1008
 
-> Projects that use central package version management should not define the version on the PackageReference items but on the PackageVersion items: PackageId.
+> The following PackageReference items cannot define a value for Version: PackageName.  Projects using Central Package Management must define a Version value on a PackageVersion item.
 
-### Issue
+## Issue
 
-When using central package management, versions must be defined on the PackageVersion item.
-
-In your project file, you may see:
+A project is configured to use NuGet [Central Package Management](../../consume-packages/Central-Package-Management.md) and a `<PackageReference />` item is defined which specifies a value for the `Version` attribute:
 
 ```xml
-<!-- In the project file. -->
-<PackageReference Include="PackageId" Version="5.1.0" />
+<ItemGroup>
+  <PackageReference Include="PackageName" Version="5.1.0" />
+</ItemGroup>
 ```
 
-### Solution
-
-- Remove the version from the PackageId PackageReference.
-- You may need to add or update the PackageVersion item for PackageId in Directory.Packages.props
-
-    Example:
+Alternatively, a `<PackageReference />` item is defined with a child `<Version />` element that has a value specified:
+```xml
+<ItemGroup>
+  <PackageReference Include="PackageName">
+    <Version>5.1.0</Version>
+  </PackageReference>
+</ItemGroup>
+```
 
-    ```xml
-    <!-- In the project file. -->
-    <PackageReference Include="PackageId" />
-    ```
+Projects configured to use [Central Package Management](../../consume-packages/Central-Package-Management.md) should not define a version on `<PackageReference />` items.
+The version should be defined in on a corresponding `<PackageVersion />` item with the same identifier in [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file instead.
 
-    ```xml
-    <!-- In the Directory.Packages.props -->
-    <PackageVersion Include="PackageId" Version="5.1.0" />
-    ```
+## Solution
 
-- Alternatively, you may override an individual package version by using the `VersionOverride` property on a `<PackageReference />` item.
-This overrides any `<PackageVersion />` defined centrally.
+- Remove the `Version` attribute or child `<Version />` element from the `<PackageReference />` item:
 
-    Example:
+  ```xml
+  <ItemGroup>
+    <PackageReference Include="PackageName" />
+  </ItemGroup>
+  ```
 
-    ```xml
-    <!-- In the project file. -->
-    <PackageReference Include="PackageId" VersionOverride="3.0.0" />
-    ```
+- Define a `<PackageVersion />` item that specifies the version in the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file with the same identifier as the `<PackageReference />` item:
 
-    ```xml
-    <!-- In the Directory.Packages.props -->
-    <PackageVersion Include="PackageId" Version="5.1.0" />
-    ```
+  ```xml
+  <ItemGroup>
+    <PackageVersion Include="PackageName" Version="5.0.1" />
+  </ItemGroup>
+  ```
 
+Alternatively, Central Package Management allows overriding centrally defined package versions. See [Overriding Package Versions](../../consume-packages/Central-Package-Management.md#overriding-package-versions) for more information.
 
 > [!NOTE]
 > Note that metadata such as [IncludeAssets, PrivateAssets etc.](../../consume-packages/Package-References-in-Project-Files.md#controlling-dependency-assets) should remain on the PackageReference item.

docs/reference/errors-and-warnings/NU1009.md

@@ -11,12 +11,29 @@ f1_keywords:
 
 # NuGet Error NU1009
 
-> The packages PackageId are implicitly referenced. You do not typically need to reference them from your project or in your central package versions management file. For more information, see https://aka.ms/sdkimplicitrefs
+> The following PackageReference items are implicitly defined and cannot define a PackageVersion item: PackageName.  Projects using Central Package Management require that implicit package versions be specified by the PackageReference item.
 
-### Issue
+## Issue
 
-Implicitly defined packages should not be managed centrally.
+A project is configured to use NuGet [Central Package Management](../../consume-packages/Central-Package-Management.md) and a `<PackageVersion />` item is defined in the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file for a package that is [implicitly defined](https://aka.ms/sdkimplicitrefs).
+Implicitly defined packages are generally declared by an SDK to include packages on your behalf.
+For these packages, the owner of the SDK controls the version being used and a user should not define a version with [Central Package Management](../../consume-packages/Central-Package-Management.md).
 
-### Solution
+```xml
+<ItemGroup>
+  <PackageReference Include="Microsoft.NETCore.App" Version="9.0.0" IsImplicitlyDefined="true" />
+</ItemGroup>
+```
 
-Remove the PackageVersion for PackageId
+## Solution
+
+- Remove the `PackageVersion` item from the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file that corresponds to the implicitly defined package:
+
+  ```xml
+  <ItemGroup>
+    <PackageVersion Include="Microsoft.NETCore.App" Version="1.0.0" />
+  </ItemGroup>
+  ```
+
+> [!NOTE]
+> Some SDKs allow you to override the implicitly defined package version by setting a specific MSBuild property for that package and the SDK may have documentation on how to do so.

docs/reference/errors-and-warnings/NU1010.md

@@ -11,12 +11,27 @@ f1_keywords:
 
 # NuGet Error NU1010
 
-> The PackageReference items PackageId do not have corresponding PackageVersion.
+> The following PackageReference items do not define a corresponding PackageVersion item: PackageName. Projects using Central Package Management must declare PackageReference and PackageVersion items with matching names
 
-### Issue
+## Issue
 
-The PackageReference PackageId is missing a PackageVersion item.
+A project is configured to use NuGet [Central Package Management](../../consume-packages/Central-Package-Management.md) and a `<PackageReference />` item is defined but a corresponding `<PackageVersion />` item with the same name is not defined in the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file:
 
-### Solution
+```xml
+<ItemGroup>
+  <PackageReference Include="PackageName" />
+</ItemGroup>
+```
 
-Add a PackageVersion item for PackageId in the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md).
+## Solution
+
+- Define a `<PackageVersion />` item that specifies the version in the [Directory.Packages.props](../../consume-packages/Central-Package-Management.md#enabling-central-package-management) file with the same identifier as the `<PackageReference />` item:
+
+  ```xml
+  <ItemGroup>
+    <PackageVersion Include="PackageName" Version="5.0.1" />
+  </ItemGroup>
+  ```
+- If a `<PackageVersion />` item is properly defined and this error occurs in Visual Studio, check the Error List window for errors related to loading the project or failed [design time builds](https://github.com/dotnet/project-system/blob/main/docs/design-time-builds.md).
+If Visual Studio is not able to successfully load the project or a design time build fails, NuGet may log this error because it does not have the required information to restore.
+Resolving these underlying issues should fix this error.