I ran into this unexpected situation where I tried to install a global tool (dotnet tool install -g xxx) but it failed because I was in a project directory which had a nuget.config pointing to an internal source.
I believe this behavior is wrong, and probably even unsecure. It is expected that dotnet will use the local nuget.config when installing a local tool, because the tool is scoped to the current folder. However, when installing a global tool, the user is unlikely to consider that the local directory is going to influence the result, and therefore will be less careful. It can even become a security risk if there is a leftover nuget.config file in the downloads or temp directory.
I believe dotnet tool install -g should only use the userprofile nuget.config.
I ran into this unexpected situation where I tried to install a global tool (
dotnet tool install -g xxx) but it failed because I was in a project directory which had a nuget.config pointing to an internal source.I believe this behavior is wrong, and probably even unsecure. It is expected that dotnet will use the local nuget.config when installing a local tool, because the tool is scoped to the current folder. However, when installing a global tool, the user is unlikely to consider that the local directory is going to influence the result, and therefore will be less careful. It can even become a security risk if there is a leftover nuget.config file in the downloads or temp directory.
I believe
dotnet tool install -gshould only use the userprofile nuget.config.