NuGet security - malware installed by NuGet packages?

Time: 2015-06-15 14:34:28

Tags: visual-studio nuget

Is it possible that you can be infected with malware by installing nuget packages?

This is especially interesting when you think of Microsoft Visual Studio 2016 which will be fully dependent on NuGet.

1 answer:

Answer 0: (score: 4)

NuGet packages can run arbitrary PowerShell scripts at install or deinstall time.

In addition, they add executable code (through the DLLs they install) to your solution, which you will execute the next time you run it (after all, that's the point of installing a package, right?).

So yes, installing NuGet packages from shady sources is not much different than running executable code from said sources.

However, the same goes for any other executable code you get from the outside world.
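
One way to see what a package would bring onto your machine before installing it, as an added example that is not part of the original answer: a `.nupkg` is a ZIP archive, so its PowerShell scripts and binaries can be listed without running anything. The function names and the in-memory sample package are constructed for illustration; the check goes slightly beyond the answer by also flagging MSBuild `.targets`/`.props` files, which are imported at build time.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File kinds that execute on the developer's machine or in the built application.
SCRIPT_EXT = {".ps1", ".psm1"}          # PowerShell run by the package manager
BINARY_EXT = {".dll", ".exe"}           # code loaded by the solution at run time
BUILD_EXT = {".targets", ".props"}      # MSBuild files imported at build time
HOOK_NAMES = {"install.ps1", "uninstall.ps1", "init.ps1"}  # NuGet hook scripts


def audit_nupkg(source):
    """Return a dict of executable content found in a .nupkg (a ZIP archive).

    `source` is a file path or a binary file object. Nothing is extracted or run.
    """
    report = {"hooks": [], "scripts": [], "binaries": [], "build": []}
    with zipfile.ZipFile(source) as pkg:
        for name in pkg.namelist():
            path = PurePosixPath(name.replace("\\", "/"))
            ext = path.suffix.lower()
            if ext in SCRIPT_EXT:
                # Hook scripts live under tools/ and run at install/uninstall time.
                in_tools = bool(path.parts) and path.parts[0].lower() == "tools"
                if in_tools and path.name.lower() in HOOK_NAMES:
                    report["hooks"].append(name)
                else:
                    report["scripts"].append(name)
            elif ext in BINARY_EXT:
                report["binaries"].append(name)
            elif ext in BUILD_EXT:
                report["build"].append(name)
    return report


def build_sample_package():
    """Constructed sample package, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("Sample.Package.nuspec", "<package/>")
        pkg.writestr("tools/install.ps1", "# constructed placeholder")
        pkg.writestr("tools/helpers/setup.ps1", "# constructed placeholder")
        pkg.writestr("lib/net45/Sample.dll", b"MZ")
        pkg.writestr("build/Sample.Package.targets", "<Project/>")
        pkg.writestr("content/readme.txt", "hello")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for kind, files in audit_nupkg(build_sample_package()).items():
        print(f"{kind}: {files}")
```

Anything listed under `hooks` deserves a read before the package is installed; an empty report only means the archive contains none of these file types, not that the package is trustworthy.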