The primary service responsible for ensuring that a submitted package is valid, is called, unsurprisingly, Package Validator. It has been the backbone of the package moderation services since 2015 and the first service a package goes through on its approval journey to the Chocolatey Community Repository. As Chocolatey products evolve, the Package Moderation Services evolve and the rules and guidelines evolve with them. We have made some changes to the Package Validator rules to shift some guidelines to requirements and bring in some new requirements from 1 September 2022.
Before I go into the rules themselves, let's be clear:
- The rules only affect packages submitted to the Chocolatey Community Repository.
- The rules only affect new package versions submitted and do not affect existing package versions submitted.
In short, if you submit a package version to the Chocolatey Community Repository on, or after, 1 September 2022, these rules will be applied.
There are four types of Package Validator rules that are used:
- Requirements: these are mandatory.
- Guidelines: these are strong recommendations.
- Suggestions: these are suggestions to help improve the quality of the package.
- Notes: these are checks that cannot be automated and are for a human moderator to work through.
Each of these rules are used in different ways. For example, packages that do not meet rule requirements will fail and maintainers will be notified. All other rule types will allow the package to proceed to the next stage of the Package Moderation Services, but a human moderator may ask the maintainer to make changes to a package after their validation checks of the package.
The new rules that have been added to Package Validator are requirements, and are shown below:
descriptionfield length in package metadata. A package description must be a minimum of 30 characters (excluding leading and trailing whitespace) in the package
.nuspecfile. This was previously only a guideline that has now become a requirement.
- Package metadata should not contain email addresses. There is currently a requirement rule to not include email addresses in the
ownersfield in the package
.nuspecfile. This has been enhanced to check all the fields in the package
- Chocolatey 'private' variables can no longer be used. We have recommended for some time that some Chocolatey variables should not be used in packages, so any recent packages are unlikely to be affected by this rule. Those variables are:
- Download helper cmdlets require a checksum. When using the Chocolatey helper cmdlets that download a file, the
Checksum64parameter must be used to validate the download. Those helper cmdlets are:
Install-ChocolateyVsixPackage(only supports the
- Use of Ftp and Web download helper cmdlets must use
Get-ChecksumValidto validate checksum. The
Get-WebFilecmdlets do not have a
Checksum64parameter, but the files downloaded by these cmdlets must still have their checksum validated separately using
Get-ChecksumValidin the package scripts.
- Prevent use of non-Chocolatey download cmdlets. Package maintainers cannot use non-Chocolatey helper cmdlets in packages to download files. These include:
- Any cmdlet or function containing the name
- Any cmdlet or function containing the name
The new rules will take effect from 1 September 2022. These new requirements are a formal, automated, implementation of what our team of Community Moderators have been implementing, manually, for some time now, and we anticipate the impact to packages, and package maintainers, to be minimal. However, if there is an impact to a package, the package maintainer can request a temporary exemption to give them time to make changes that will comply with the new rules.
If you have any questions or concerns about these changes, then please reach out on the #community-maintainers channel of our Community Chat.
- #news 64 Number of post with tag news
- #press release 51 Number of post with tag press release
- #chocolatey for business 41 Number of post with tag chocolatey for business
- #packaging 18 Number of post with tag packaging
- #open source 15 Number of post with tag open source
- #12 days of Chocolatey 2023 12 Number of post with tag 12 days of Chocolatey 2023
- #tutorial 12 Number of post with tag tutorial
- #chocolatey community repository 9 Number of post with tag chocolatey community repository
- #chocolatey central management 6 Number of post with tag chocolatey central management
- #chocolatey cli 6 Number of post with tag chocolatey cli