一键导入
nuget-fetcher
Fetch NuGet package metadata, versions, vulnerabilities, compat matrix, and deprecation status. Supports dotnet list package and NuGet.org v3 API.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Fetch NuGet package metadata, versions, vulnerabilities, compat matrix, and deprecation status. Supports dotnet list package and NuGet.org v3 API.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Full-project health audit — spawns 5 specialists (dotnet-reviewer, security-analyzer, testing-reviewer, performance-profiler, deployment-validator) in parallel. Use for onboarding or pre-release.
Analyze project/namespace boundaries, detect circular refs and layering violations via dotnet-depends and solution graph. Use before major refactors or to validate Clean Architecture.
Senior-engineer challenge mode — aggressively question the current approach, hunt for N+1 queries, captive deps, missing auth, sync-over-async, leaks. Use before finalizing significant changes.
Capture a solved problem as institutional knowledge. Writes `.claude/solutions/{category}/{slug}.md` with symptoms, root cause, fix, category, tags. Use after notable fixes.
Generate or update documentation — XML doc comments, README, architecture docs, OpenAPI descriptions. Uses code as source of truth; no hallucinated features.
Extract durable lessons from a just-finished fix — propose CLAUDE.md rule, Iron Law addition, or Solution doc. Use after resolving a surprising/repeatable bug.
| name | nuget-fetcher |
| description | Fetch NuGet package metadata, versions, vulnerabilities, compat matrix, and deprecation status. Supports dotnet list package and NuGet.org v3 API. |
| argument-hint | <package name> [--version <v>] |
| effort | low |
Retrieve concrete NuGet package facts — no hallucinated versions or APIs.
# In a project directory
dotnet list package # installed
dotnet list package --outdated # available upgrades
dotnet list package --vulnerable --include-transitive
dotnet list package --deprecated
# Global / without project
# v3 Registration index
curl -s "https://api.nuget.org/v3/registration5-semver1/<id>/index.json"
# Service discovery
curl -s "https://api.nuget.org/v3/index.json"
# Catalog (historical releases)
curl -s "https://api.nuget.org/v3/catalog0/index.json"
Per package:
--vulnerable or GitHub Advisory)dotnet list package inside the projectdotnet list package --vulnerable--vulnerable matches as security-critical# Polly — NuGet metadata
| Field | Value |
|-------|-------|
| Latest | 8.4.0 (stable) |
| Published | 2026-03-20 |
| Target frameworks | net6.0, net8.0, net9.0 |
| License | BSD-3-Clause |
| Repository | github.com/App-vNext/Polly |
| Vulnerabilities | none |
| Deprecated | no |
## Direct deps (latest)
- Microsoft.Bcl.AsyncInterfaces ≥ 6.0.0
## Notable
- v8 is a major rewrite with breaking API changes from v7
- `Microsoft.Extensions.Http.Resilience` wraps Polly for HttpClient
Used by:
nuget-researcher agent (library evaluation)/dotnet:research --library skill/dotnet:plan when evaluating depsaudit / techdebt skills${CLAUDE_SKILL_DIR}/references/nuget-api.md — v3 endpoints,
registration, flat container, search${CLAUDE_SKILL_DIR}/references/vuln-sources.md — GHSA, NuGet
advisories, --vulnerable limits${CLAUDE_SKILL_DIR}/references/framework-monikers.md — TFM
compatibility reference--vulnerable results