A .NET 10 CLI tool for auditing where a NuGet package is referenced and where likely related source usage appears across a C# project or solution.
Removing or replacing an old package is usually spread across project files, central package management files, restore artifacts, and source code. This tool generates one Markdown report so you can review the likely impact before changing anything.
- Input support for:
.csproj.sln.slnx
- Direct package reference detection from project files
- Central package management detection from
Directory.Packages.props - Shared package reference detection from
Directory.Build.propsandDirectory.Build.targets - Legacy
packages.configdetection - Bounded restore support for generating or refreshing
project.assets.json - Direct and transitive package classification from
project.assets.json - Conservative project-owned source enumeration for
.cs,.csx,.razor, and.cshtml - C# syntax scanning for:
- using directives
- attributes
- qualified names
- identifiers
- invocations
- Text scanning for
.razorand.cshtml - Built-in symbol profile for
Newtonsoft.Json - Heuristic symbol discovery for other packages from package IDs and assembly metadata when available
dotnet run --project src/PackageUsageAudit.Cli/PackageUsageAudit.Cli.csproj -- --package-id Newtonsoft.Json --path ./MySolution.slnxThe CLI currently uses exactly two options:
--package-id--path
The report is written to the current working directory.
Example report filename:
package-usage-report.Newtonsoft.Json.20260607-120000.md
dotnet build src/PackageUsageAudit.Cli/PackageUsageAudit.Cli.csprojdotnet test tests/PackageUsageAudit.Tests/PackageUsageAudit.Tests.csproj- This is an audit tool, not a full semantic analyzer.
- Generic package source detection is heuristic and best-effort.
- Conditional MSBuild references are reported but not evaluated.
- Transitive classification depends on readable restore artifacts.
- Razor and CSHTML scanning is text-based.