Haha, I missed it by one minor verison. :-D Sounds good. Thanks for the quick response. Means I get to test my scripted upgrade process. :-D Have a good one.

That's actually pretty awesome. that's exactly what I was sort of thinking of doing.

Thanks for letting us know. We are totally redoing our installer soon, so we will probably take care of it then! I think, generally, you might want to install SQL separately when going automated. When SQL fails to install, it's not so graceful, and it will be harder to tell what went wrong when diagnosing a failed ProGet installation

This is not supported at this time.

No special case. The link to the package statistic indicate 863 downloads and when we click on this link it show us only local package and note what is present in the cache. It's just disturbing. And the statitc on remote package are instrusting as local packages.

Somewhat similar to the post you've read already, but I've provided an answer to this kind of problem before: https://inedo.com/support/questions/7990 Basically it's setting up two IIS sites, one with Windows auth the other with Basic Auth (or anonymous if you want). One instance of ProGet, but two ways to get to it. We've been successfully using ProGet with both Windows Auth (for .NET nugets) and Basic Auth (for npm and docker) for about a year now, with the configuration described in the post I referenced. David

Hello Dmytro, I've filed PG-1252 to address this.

Once I flushed the browser cache, everything rendered as it should.

I'm not sure why, but looking at .11 and .12, they would only impact Windows installations, so you can just use .10 or upgrade to v5.

It was generalized to use ProGet's API keys which have more granular security options: https://inedo.com/support/documentation/proget/feeds/nuget#nuget-api-key

I'm not too familiar with how OneGet fits into all this; you'd really be better asking this question at the Chocolatey or OneGet forum. You'll still use ProGet to host the packages, but I'm really not sure which client tool (choco, etc) will do the download and install on a desktop.

Hi Ben, Yeah adding a licence fixed this problem. Thanks for the hint. Have a nice day.

Hello Subash, To check whether any connectors are unhealthy, you could use a PowerShell script like this: $someConnectorsUnhealthy = ( Invoke-RestMethod 'https://devget.syhapp.com:8798/api/json/Connectors_GetConnectors?API_Key=*******&Feed_Id=***' | Where-Object { $_.Status_Code -ne 'H' }).Count -gt 0 After this, $someConnectorsUnhealthy is $True if any connectors for that feed are not in a healthy state, and $False if all connectors are healthy. If your API key contains = or +, it needs to be URL-encoded, with = replaced by %3D and + replaced by %2B. Alternatively, you can change the API key to be URL-safe.

The error is "failed with: 401 Unauthorized", so it probably means you need to specify an authentication source? We didn't change the way authentication is handled in v5, so it's likely unrelated to the upgrade.

Hi Ben. Thank you for the clarification of the problem scope. Look forward to the fix. Thank you for the quick response, much appreciated +1 Inedo has excellent support and reacts promptly.

This is by design; accurately paging in the UI is basically impossible due to limited connector aggregation, package filtering policies, etc. Especially after you do a search. Instead, you can display "up to 1000" packages in the UI, which is probably more than you would ever need to scroll through, and search as needed.

I second this. Need to learn Markdown, though

Thank you with version 4.8.12, it's working.

It's a "401" error, which means "not authorized" In this case, you could have the wrong credentials in Yarn (or no credentials). Note that "Windows Integrated Auth" is not supported by npm or yarn.

Good question. Regarding Vor Security, that was a recent acquisition by Sonatype, and it's being transitioned into a new service called OssIndex. Sonatype plans to keep this going for the foreseeable future, and we have verified this with Ken Duck (formerly of Vor Security, now Sonatype employee). ProGet will continue to support it (we are renaming it as well). Moreover, we are planning to work with Sonatype to better integrate their broader services (vulnerability scanning) with ProGet. We are also investigating Blackduck integration, though we're not entirely sure how it would work with ProGet. Regarding "developing our own"... broadly speaking, there are two types of vulnerabilities scanning: static analysis - analyzing actual code or binaries to look for patterns (buffer overflow, etc); this is done "on your own software" repository/database - looking at public databases like NVD, CVE, etc. for vendor- or third-party documented vulnerabilities reported for a known, published piece of software We don't believe that static analysis has a place in a package manger; there are a handful of tools that can scan your codebase directly for this. As for repository/databases, it's not really bout "finding" vulnerabilities in software, it's more about "aggregating databases" and then translating those into machine-readable formats. This is what Sonatype, Whitesource, etc., do, and we think more vendors will continue to innovate in this space. But the "repository" and "scanning" are two different problems, and you should pick the best of both problems; it would almost be like saying "Microsoft makes Office, may as well use Visual Studio and .NET". ProGet has the extensibility support for this already, so we should be able to integrate with new providers as they come up,