Should you check NuGet packages into source control?

A short time ago I posted a question on Twitter about whether people who use NuGet check the actual packages into source control.  There weren’t many answers one way or the other, but a lot of people were curious about an answer.  After some trial and error and experience, I can say this conclusively:

Do not check your NuGet packages into source control.

There are several reasons for this:

  1. Doing so violates one of the concepts of NuGet, which is to easily manage the latest versions of dependencies.
  2. Checking in packages greatly increases the size of the repository.
  3. By default, TFS ignores DLLs, but will check in manifest files.  This causes problems on build servers, since NuGet looks for the manifest, and if it finds one, won’t try and pull the package.  The dependencies you need don’t get deployed.

Here’s the right way to handle this:

  1. Right-click on your solution and select Enable NuGet Package Restore.
  2. Add your NuGet packages to your solution, if you haven’t done so already.
  3. Make sure packages.config is included in your solution, and is committed to source control.
  4. Make sure your packages folder and repositories.config are included in source control, but ignore the individual package folders.
  5. Re-read Step 4.  The key thing here is you want to ignore the folders for the individual NuGet packages.  This can be tedious with a lot of packages, so sometimes a GUI is nice.image

Now, when you go to build your solution, the packages you reference will be pulled fresh by the build server.