NuGet
diff --git a/‎.openpublishing.redirection.json‎
Lines changed: 6 additions & 1 deletion b/‎.openpublishing.redirection.json‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎docs/TOC.md‎
Lines changed: 0 additions & 1 deletion b/‎docs/TOC.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎docs/concepts/Auditing-Packages.md‎
Lines changed: 29 additions & 0 deletions b/‎docs/concepts/Auditing-Packages.md‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎docs/concepts/Package-Versioning.md‎
Lines changed: 3 additions & 0 deletions b/‎docs/concepts/Package-Versioning.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/consume-packages/Central-Package-Management.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/consume-packages/Central-Package-Management.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/consume-packages/Package-Restore.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/consume-packages/Package-Restore.md‎
Lines changed: 1 addition & 1 deletion
@@ -99,7 +99,7 @@
             "source_path": "docs/Quickstart/Create-and-publish-a-package.md",
             "redirect_url": "/nuget/quickstart/create-and-publish-a-package-using-visual-studio",
             "redirect_document_id": false
-        },        
+        },
         {
             "source_path": "docs/Quickstart/Use-a-Package.md",
             "redirect_url": "/nuget/quickstart/install-and-use-a-package-in-visual-studio",
@@ -384,6 +384,11 @@
             "source_path": "docs/reference/errors-and-warnings/NU1904.md",
             "redirect_url": "/nuget/reference/errors-and-warnings/NU1901-NU1904",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "docs/guides/create-packages-for-xamarin.md",
+            "redirect_url": "/nuget",
+            "redirect_document_id": false
         }
     ]
 }
@@ -55,7 +55,6 @@
 ### [Create a native package](guides/native-packages.md)
 ### [Create UI controls as a NuGet package](guides/create-UI-controls.md)
 ### [Create an analyzer as a NuGet package](guides/analyzers-conventions.md)
-### [Create a package for Xamarin with Visual Studio 2017 or 2019](guides/create-packages-for-xamarin.md)
 ### [Create a package with COM interop assemblies](create-packages/author-packages-with-COM-interop-assemblies.md)
 ## Sign packages
 ### [Sign a package](create-packages/sign-a-package.md)
 
@@ -4,6 +4,7 @@ description: How to audit package dependencies for security vulnerabilities and
 author: JonDouglas
 ms.author: jodou
 ms.topic: conceptual
+ms.date: 02/11/2025
 ---
 
 # Auditing package dependencies for security vulnerabilities
@@ -105,6 +106,34 @@ Alternatively, if you want to keep low and moderate vulnerabilities as warnings,
 > [!NOTE]
 > MSBuild properties for message severity such as `NoWarn` and `TreatWarningsAsErrors` are not supported for packages.config projects.
 
+## Ensure restore audited projects
+
+NuGet in MSBuild 17.13 and .NET 9.0.200 added output properties `RestoreProjectCount`, `RestoreSkippedCount` and `RestoreProjectsAuditedCount` on the restore task.
+This can be used to enforce that audit ran during a restore.
+Note that these output properties are not available with [static graph restore](../reference/msbuild-targets.md#restoring-with-msbuild-static-graph-evaluation).
+
+Since MSBuild is a scripting language, this can be achieved a number of different ways, but also has the same restrictions as MSBuild has.
+One example is to create a file *Directory.Solution.targets* in the same directory as your solution file, whose contents has a target similar to the following.
+Note that *Directory.Build.props* is commonly used, but is imported by projects.
+However, NuGet's restore target and task runs at the solution level, so needs to be in MSBuild's solution extensibility file, not the project/build file.
+
+```xml
+<Project>
+    <Target Name="AssertRestoreTaskOutputProperties"
+            AfterTargets="Restore"
+            Condition="'$(CI)' == 'true'">
+        <Error
+            Condition="'$(RestoreProjectsAuditedCount)' != '$(RestoreProjectCount)'"
+            Text=""Restore did not audit every project in the solution. Expected: $(RestoreProjectCount) Found: $(RestoreProjectsAuditedCount)"" />
+    </Target>
+</Project>
+```
+
+Depending on your use-case, you may wish to use condition `'$(RestoreProjectCount)' != '$([MSBuild::Add($(RestoreProjectsAuditedCount), $(RestoreSkippedCount))'` on the error message, to account for projects that restore skipped because they were already up to date.
+Similarly, think about if you want this error to happen everywhere, or only in CI pipelines, and what environment variables are defined in your CI environment, and factor this into the target's condition.
+Again, since MSBuild is a scripting language, you can use any of its capabilities to customize your repo however you want.
+Viewing [MSBuild's metaproj](/visualstudio/msbuild/how-to-build-specific-targets-in-solutions-by-using-msbuild-exe#troubleshooting) and [binlogs](/visualstudio/msbuild/msbuild-command-line-reference#switches-for-loggers) are useful to develop and troubleshoot solution level targets.
+
 ## `dotnet list package --vulnerable`
 
 Once a project is successfully restored, [`dotnet list package`](/dotnet/core/tools/dotnet-list-package) has a `--vulnerable` argument to filter the packages based on which packages have known vulnerabilities.
 
@@ -132,6 +132,9 @@ Avoid specifying an upper bound to version ranges to packages you don't own unle
      Will resolve to the highest acceptable stable version.-->
 <PackageReference Include="ExamplePackage" Version="6.*" />
 
+<!-- Accepts only version 6.1.0. -->
+<PackageReference Include="ExamplePackage" Version="[6.1.0]" />
+
 <!-- Accepts any version above, but not including 4.1.3. Could be
      used to guarantee a dependency with a specific bug fix. 
      Will resolve to the smallest acceptable stable version.-->
 
@@ -165,8 +165,8 @@ When you use the pack command to create a package, both packages will appear in
 
 ```xml
       <group targetFramework="net6.0">
-        <dependency id="PackageA" version="6.12.1" exclude="Build,Analyzers" />
-        <dependency id="PackageB" version="6.12.1" exclude="Build,Analyzers" />
+        <dependency id="PackageA" version="1.0.0" exclude="Build,Analyzers" />
+        <dependency id="PackageB" version="2.0.0" exclude="Build,Analyzers" />
       </group>
 ```
 
 
@@ -87,7 +87,7 @@ Select **Automatically check for missing packages during build in Visual Studio*
 </configuration>
 ```
 
-For non-SDK-style projects, you must select **Allow NuGet to download missing packages** as well as **Automatically check for missing packages during build in Visual Studio** in **Options** to enable automatic restore.
+You must select **Allow NuGet to download missing packages** as well as **Automatically check for missing packages during build in Visual Studio** in **Options** to enable package restore during build.
 
 <a name="choose-default-package-management-format"></a>
 #### Choose the default package management format
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@`
`99`	`99`	`"source_path": "docs/Quickstart/Create-and-publish-a-package.md",`
`100`	`100`	`"redirect_url": "/nuget/quickstart/create-and-publish-a-package-using-visual-studio",`
`101`	`101`	`"redirect_document_id": false`
`102`		`- },`
	`102`	`+ },`
`103`	`103`	`{`
`104`	`104`	`"source_path": "docs/Quickstart/Use-a-Package.md",`
`105`	`105`	`"redirect_url": "/nuget/quickstart/install-and-use-a-package-in-visual-studio",`
`@@ -384,6 +384,11 @@`
`384`	`384`	`"source_path": "docs/reference/errors-and-warnings/NU1904.md",`
`385`	`385`	`"redirect_url": "/nuget/reference/errors-and-warnings/NU1901-NU1904",`
`386`	`386`	`"redirect_document_id": false`
	`387`	`+ },`
	`388`	`+ {`
	`389`	`+ "source_path": "docs/guides/create-packages-for-xamarin.md",`
	`390`	`+ "redirect_url": "/nuget",`
	`391`	`+ "redirect_document_id": false`
`387`	`392`	`}`
`388`	`393`	`]`
`389`	`394`	`}`