In the wake of MyGet going down this week, leaving Sitecore and the community in a mad scramble to move packages to NuGet or find another solution, some may be questioning what can be done to prevent this in the future. Specifically, should you host your own Sitecore feeds?
Sitecore hosted many packages used by the community in MyGet and are in the middle of a migration to NuGet feeds that is expected to be completed by November 2023. Please see the following for details: Support Information – Transition of Sitecore public feeds from MyGet to NuGet after November 2023
When the MyGet site went down, it massively accelerated moving several items (and still others to migrate/see the link above) and the community worked with Sitecore, and Sitecore scrambled to move things over. Hats off to Sitecore for what was a very difficult day for them and the community. To be clear, it was not a Sitecore hosted service that failed but one in use beyond Sitecore.
The specific endpoints, per Sitecore, that are changing are as follows:
- The URL of the new public feed is: https://nuget.sitecore.com/resources/v3/index.json
- The URL for the internal artifact provider is: https://cloudsmith.io/~sitecore/repos/resources/groups/
- The custom NPM feed will move from https://sitecore.myget.org/gallery/sc-npm-packages to the public NPM provider https://www.npmjs.com/
Pros/Cons of Hosting Your Own Sitecore Feed
Hosting your own Sitecore feed could provide a few benefits such as semi-autonomy, but is not without cost, especially around governance and staying up to date.
A few potential pros are as follows:
- Host feeds on prem or in your own cloud endpoint with access restrictions to only allow your organization for system control
- In the case of an outage of public feeds, you are pulling from your own feed
- Control over which feeds, including history of packages, are available
- Add custom packages that are specific to your needs alongside the other Sitecore available feeds
Managing your own feeds do have some cons. A few to consider are:
- Cost and overhead of managing your own feed infrastructure
- Keeping packages up to date may require regular review or a nightly pull from public feeds via a DevOps process
- Security of blocking your own feeds
- If you decide to share your feeds, you could conflict/confuse with what Sitecore has published or not have the most up to date version