Microsoft was able to delete some of our packages without notice - what's the explanation?

[Aaronontheweb]

Full version here: https://aaronstannard.com/microsoft-delete-nuget-packages/

TL;DR version:

We received this email to our NuGet administrator email addresses yesterday morning

Email mentions a vulnerability in Microsoft.Identity.Client and that some recent package versions of ours were impacted by it.

We discover later, when trying to build one of those projects, that both of those affected package versions were hard-deleted from NuGet.org.

We absolutely didn't delete them ourselves, and we're not the only affected authors: https://x.com/spin973/status/1943714651964915882

NuGet makes it very, very had to delete packages on-purpose - in order to avoid left-pad-style issues. Why did Microsoft bypass the normal CVE procedure on NuGet and hard-delete third party packages? What's the limiting principle at work here? And why was this CVE (a typo in an XML-DOC comment, come on) so urgent that it merited this extraordinary work-around?

I depend on NuGet to distribute my intellectual property to my customers - the indefinite availability of packages is an essential part of that guarantee. Will my packages be arbitrarily deleted again in the future without any notice the next time a Microsoft team introduces a severe vulnerability in their code?

[Frulfump]

Interestingly enough https://www.nuget.org/packages/Microsoft.Identity.Client/4.72.1 is deprecated and shows the warning (deprecation message)

These packages have an API comment with an URL with a typo, which does not belong to Microsoft and which can lead to typo-squatting. The packages are flagged by antiviruses."

So it either wasn't fixed in 4.72.1 or it's incorrectly marked as deprecated (at least with that reason). EDIT: Oh I see you kind of covered this in your blog post. (EDIT3: Confirmed accidentally marked as deprecated #14413 (reply in thread) and fixed now)
And the older packages aren't marked as containing a vulnerability, what's the CVE number for this one? EDIT2: I see you covered the CVE thing in the blog as well, I should have probably read that first...

Sucks, but it’s not a “real” CVE in the sense of it impacting actual program execution - a user would have to manually do something with that information in order to be vulnerable.

So that's why I have been seeing new spell check PRs in that repo like
AzureAD/microsoft-authentication-library-for-dotnet#5377
AzureAD/microsoft-authentication-library-for-dotnet#5380
it all makes sense now😅

Update: Azure.Identity.Broker that was released ~4 hours ago calls out a security fix in its release https://github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity.Broker_1.2.1
https://github.com/Azure/azure-sdk-for-net/blob/Azure.Identity.Broker_1.2.1/sdk/identity/Azure.Identity.Broker/CHANGELOG.md

Updated Azure.Identity to 1.14.2 to apply a security fix in the updated Microsoft.Identity.Client dependency.

So strange that there's an inconsistency with the release note for Azure.Identity.
Previously I asked a question about why the bump wasn't explained in the release note Azure/azure-sdk-for-net#51194 (comment) but has received no answer so far.

Update2: Azure.Identity.Broker 1.2.0 is not deprecated https://www.nuget.org/packages/Azure.Identity.Broker/1.2.0 even tough the 1.2.1 release note confirms it's a security fix in Microsoft.Identity.Client. This is inconsistent with Azure.Identity packages being marked as deprecated due to depending on a deprecated version of Microsoft.Identity.Client https://www.nuget.org/packages/Azure.Identity/1.14.1. Update3: This is now fixed as per comment #14413 (reply in thread)

Update4: I think this part of the deprecation message

The packages are flagged by antiviruses (sic).

Is what's causing the real impact, presumably the definitions of some AV was updated (much?) later than 20:th of May when the fixed version of Microsoft.Identity.Client was released. I assume some big customers started to complain and/or the internal AV scan on nuget.org started to complain as well https://learn.microsoft.com/en-us/nuget/nuget-org/publish-a-package#package-validation-and-indexing?

Packages pushed to nuget.org undergo several validations, such as virus checks, and existing packages are periodically scanned.

Hopefully we can be told which AV's and when their definitions were updated.

[Aaronontheweb]

No no, nothing wrong with your comment at all - I just took inspiration from it!

[bgavrilMS]

I accidentally deprecated Microsoft.Identity.Client 4.72.1 and have restored it now. Thanks for catching this @Frulfump .

[Frulfump]

An earlier report ~4 days ago here AzureAD/microsoft-authentication-library-for-dotnet#5373 even tough they didn't highlight package deletion as an issue they are deleted (maybe the packages were deleted some time later). So Microsoft.Data.SqlClient hasn't been patched yet, this adds onto the whole why is Azure.Identity even a dependency of it dotnet/SqlClient#1108
Interesting to note that the wording is different in Aarons email it says "important update" and in the linked issue it says "critical update requirement" so the wording changed at some point, maybe the initial "critical" component caused more severe internal escalation and it was later down played?
UPDATE: Another little bit earlier (1 hour 45 mins) report here serilog-mssql/serilog-sinks-mssqlserver#624 it also has the wording "critical update requirement"

[scottaddie]

@Frulfump Azure.Identity.Broker v1.2.0 is now deprecated.

[Frulfump]

Looking at https://www.nuget.org/packages/Microsoft.Identity.Client/#usedby-body-tab there's 530 packages that depend on Microsoft.Identity.Client and 124 GitHub repositories.

Top 5 packages

Name	Total Downloads
Azure.Identity	1.0B
Microsoft.Identity.Client.Extensions.Msal	935.3M
Microsoft.Identity.Web.TokenCache	110.8M
Microsoft.Identity.Web.Certificateless	97.2M
Serilog.Sinks.MSSqlServer	32.5M

Azure.Identity is the only one where packages dependent on a version Microsoft.Identity.Client (< 4.72.1) have been deprecated in the top 5 list. Especially surprised by the Microsoft.Identity.* packages not being deprecated.

Top 9 repos

Repository	GitHub Stars
microsoft/semantic-kernel	25.4K
dotnet/roslyn	19.7K
nopSolutions/nopCommerce	9.7K
unoplatform/uno	9.5K
git-ecosystem/git-credential-manager	7.8K
elsa-workflows/elsa-core	7.2K
Azure/azure-sdk-for-net	5.8K
Azure/azure-powershell	4.5K
microsoft/perfview	4.5K

So presumably there's a lot of packages/repos (still) affected.

UPDATE: "-NuGet Team" provided an update #14413 (comment)
the status page https://status.nuget.org/ provides some more details
Posted 2025-07-15T00:40:32Z

NuGet.org flagged a phishing URL embedded in a comment within the widely used Microsoft.Identity.Client package. In response, we wrongfully deleted ~80 dependent packages between July 1st and 10th. We have already restored deletions from July 9th & 10th. ETA for remaining restoration is by end of July 15th. We’ll also provide an update here by then.

We understand the importance of package availability and the trust you place in NuGet as a distribution platform. We are committed to transparency and will provide a more detailed update later this week. If you are an affected package author and need immediate assistance, please contact us at [email protected].

It's not possible to link directly to an update or the history section on the status page, future improvement?

[pascalberger]

What a terrible bad idea this was... So for the sake of the trustworthiness of the ecosystem they decided in my case (a Cake addin) to break existing build pipelines.

Because of a typo in an XML comment, in a dependency of a dependency of a dependency 🤷

[timheuer]

We acknowledge that some package deletions have occurred and are actively investigating what led to this action. We understand the importance of package availability and the trust you place in NuGet as a distribution platform. We are committed to transparency and will provide a more detailed update early next week.

We are currently restoring affected package versions.

If you are an affected package author and need immediate assistance, please contact us at [email protected].

Thank you for your patience while we continue to look into this.

-The NuGet Team

[timheuer]

Will you reply on this thread with your findings once you've had a chance to investigate?

You bet!

[Frulfump]

Spoiler alert: It was the intern, no but jokingly let's guess what the excuse will be.
A game of corporate bingo if you will.

"A mistake was made and our policy was not followed",
"Our policy was followed but it was lacking clear guidelines, we have now updated our policy".
"Because there was no CVE issued this was a new situation for us and there was a cascade of oopsie woopsies that occurred"
"Out of an abundance of caution we...."
"Internal miscommunication"
"We are committed to regaining your trust"
"Mis-click"

"Copilot went brrr"

Something about adding spell checking to all Microsoft/dotnet/NuGet repos to avoid the typo squatting.

Hope the joke comes across
How did I do? What's the communities guesses?

No but seriously appreciate the quick initial response of this unfortunate situation, confirming it is at least something.

Like Aaron has hinted at. Feels like an existential issue for NuGet as we can no longer trust the fundamental principle of packages not being deleted.

https://learn.microsoft.com/en-us/nuget/nuget-org/policies/deleting-packages

nuget.org does not support permanent deletion of packages. Doing so would break every project depending on the availability of the package, especially with build workflows that involve package restore.

Yes exactly...

https://learn.microsoft.com/en-us/nuget/nuget-org/policies/deleting-packages#exceptions

In exceptional situations such as copyright infringement and potentially harmful content, packages can be deleted manually by the NuGet team. You can report a package using the "Report abuse" button on the NuGet.org package details page. If you are the package owner, login to your NuGet.org account to reach NuGet support using the "Contact support" button on the NuGet.org package details page.

So at least it's a manual process from that so it was an explicit action, was each individual package manually deleted or was there some automation applied?
Deletion in the exception case must have multiple people signing off on it I hope given the clear issues it can bring as clearly laid out in the first paragraph of the document, I'm sure we will get a complete post-mortem detailing how it happened.

Maybe it falls under https://learn.microsoft.com/en-us/nuget/nuget-org/policies/deleting-packages#prohibited-use but I doubt it

Note that the NuGet team and the .NET Foundation reserves the right to change these criteria at any time.

Why wasn't the offending package deleted (actually a good thing I guess but interesting) and only (some?) dependent packages?
How many packages and versions were affected, could we get the complete list?

Why did it take so long for Azure.Identity to get patched (seemingly after it was pointed out on X by Aaron), take us through the time line of events.
Why is the issue still present in 4.72.1 even tough it was mentioned in the email as fixed on the 20th of May? (EDIT: Confirmed accidentally marked as deprecated #14413 (reply in thread) and fixed now)
Feels a bit strange and also that the spell check PRs started to show up in the AzureAD/microsoft-authentication-library-for-dotnet#5377 only on the evening (UTC) of the 10:th of July it coincides with the packages being deleted makes me think that something happened internally much later than 20:th of May to make things "move around".

[houstonhaynes]

Like Aaron has hinted at. Feels like an existential issue for NuGet as we can no longer trust the fundamental principle of packages not being deleted.

https://learn.microsoft.com/en-us/nuget/nuget-org/policies/deleting-packages

I'm creating a new framework for F# that compiles through MLIR and LLVM (with other back-ends on the roadmap). I don't want to center my rationale for creating my own package management system on my earned distrust of Microsoft. The reasons are primarily structural - as the Fidelity framework requires all dependencies to be sourced-based. However, it is worth mentioning that over the years I've seen enough behaviors from the .NET Foundation and Microsoft writ-large that I no longer have confidence that they will act in accordance with their stated values.

This particular incident could have been an "innocent mistake" but in the confluence of how Microsoft is behaving as a community steward, it matters very little whether that behavior is intentional. The saying goes "never attribute to malice that which can be more easily explained by incompetence" but the stakes for this ecosystem being what it is - it hardly matters why it happened. To me it only matters that it happened at all.

The current designs for my compiler still use dotnet tooling, along with other support components that I eventually plan to self-host once the F#->MLIR->LLVM landscape is broad enough to support them. But now I'm reconsidering where self-hosting stands on the priority down-list now that I've seen this sequence of events transpire. While my main motivation for creating this framework is to have "native" options for F# along with .NET and Fable Compiler ecosystems, it is now a non-zero consideration to move away from .NET altogether as a matter of business continuity.

I hope those observing this event from Microsoft management perspective are seeing how serious this situation is, but I certainly don't expect them to respond in accordance with that seriousness. That echelon of Microsoft has merely demonstrated concern/interest that barely rises to the level of "performative". It's a shame to see "cracks in the edifice" show this way. But it underscores (to me, at least) that alternative ecosystems and maintaining optionality for developers is more important than ever. The future of technology is much bigger than Microsoft. That future is too important to leave it solely in the hands of a monopolist that acts unilaterally in its own perceived interest irrespective of its stated goals as a community "citizen".

[smartcaveman]

Sometimes there are problems and sometimes they get fixed. This strikes me as the type of problem that will probably get fixed.

It seems like you make a lot of valuable contributions to the OSS community and that's awesome.

The following is intended with compassion and I hope that is how it is received. Regarding

it is now a non-zero consideration to move away from .NET altogether as a matter of business continuity.

It feels unkind for nobody to tell you that it is very difficult to see this as anything other than embarrassingly opportunistic.

[houstonhaynes]

I appreciate your input, but I'm not sure what the opportunism is here. I'm mourning the loss of trust due to a company that shows multiple consistent signals of being "too big to care". For years I was pretty firmly "in the camp" of Microsoft because of what I saw then as preserving the aligned interest with the customer, as opposed to the surveillance capitalism of other technology-adjacent companies like Google and Meta. That (perhaps naive) perception has been pretty deeply cut over the past few years and I see no sign of reversal.

I'm glad to see the attention this particular episode has gotten has triggered some observable response to reverse the immediate harms that were done. But my point here is about the undermining of trust. I'm not confident that tactical scurrying about after-the-fact changes my position on thinking about the direction of with my work. For certain, I really enjoy the Fable compiler and appreciate the huge amount of independent work they put in for web development in F#. I originally saw the Fidelity framework as a means to use LLVM's targeting to deploy type-safe F# code to a variety of targets and formats where a .NET style runtime is a poor fit (micro-controllers and accelerators). The original thesis for my work was to keep .NET "in its sweet spot", and use Fable and Fidelity for the rest. The interop work there is non-trivial. That hasn't changed with this event. It can't. I am, like the rest of us, trapped by the decisions of a 'steward' who - to my view - shows only performative interest in responding to the broader community where it suits their marketing posture. I suppose this event has gotten more attention than I was expecting. That would mean, among other things, that the free labor provided by "the community" includes policing Microsoft's behavior such that the kerfuffle triggers an appropriate response, along with all of the time spent on clean-up after they've wrecked the room. I certainly don't have time for that kind of work. But if you're deeply vested, count it as part of the cost of doing business in this ecosystem.

To be sure, I'm not just referring to nuking packages in NuGet. It's also "pulling up the drawbridge" for VSCode extension support in forked apps. It's also about reshaping AI as an ersatz remote desktop surveillance tool. The list goes on and on. I find it hard to take any conversation - in person or online - as a serious one if one side of it refuses to acknowledge the consistent behavior of an aspiring monopolist. That includes unilateral discarding of their stated policies, whether by oversight or deliberate lack of care. To the community, this is a serious error. To them, it's a rounding error.

Frankly I didn't expect my note to get any response at all because my area of interest is F#. Feel free to draw a line under it. ☮️

[seaniyer]

A quick note on progress: We have already restored packages removed on July 9th & 10th and are working on restoring the rest as quickly as possible. Current ETA is end of tomorrow. Please see https://status.nuget.org/ for further updates. We'll provide a more detailed report later this week.

-NuGet team

[Frulfump]

Nice to get an update of any sort, still hoping for the detailed report tough. By why do we need to manually and periodically check status.nuget.org for updates, you can provide them here as part of proper incident response.

Yes please we need the whole list (previously requested in this comment #14413 (reply in thread))

From the status page (it's not possible to link directly to an update or the history section, future improvement?)
Posted 2025-07-15T00:40:32Z

NuGet.org flagged a phishing URL embedded in a comment within the widely used Microsoft.Identity.Client package. In response, we wrongfully deleted ~80 dependent packages between July 1st and 10th. We have already restored deletions from July 9th & 10th. ETA for remaining restoration is by end of July 15th. We’ll also provide an update here by then.

We understand the importance of package availability and the trust you place in NuGet as a distribution platform. We are committed to transparency and will provide a more detailed update later this week. If you are an affected package author and need immediate assistance, please contact us at [email protected].

So it's taking a day to restore 80 packages that seems slow, could you walk us through the process so we understand why it's taking so long?

The deletion event is kind of binary, we are in a post-deletion world it doesn't matter much that the packages are restored as all known cases in this discussion have already made fixes to their packages and uploaded new versions. The damage has already been done.

Tim mentioned here #14413 (comment)

We are committed to transparency and will provide a more detailed update early next week.

But that has then changed to later this week? Why initially mention early this week and then retract from that, would have been better to provide a broader window from the start. (Under promise over deliver should be a guiding star).

[pascalberger]

The deletion event is kind of binary, we are in a post-deletion world it doesn't matter much that the packages are restored as all known cases in this discussion have already made fixes to their packages and uploaded new versions. The damage has already been done.

There are cases where it matters that they are restored. There are now versions cached on caching feeds which no longer exist upstream, leading to confusion. And in a pinned down deterministic scenario the missing packages will still break / render other packages usable. E.g. I've a set of packages which are versioned and released together, only one of it was deleted, but other have a dependency on it. If it wouldn't be restored I would need to unlist the other packages to avoid confusion.

[Frulfump]

There are cases where it matters that they are restored. There are now versions cached on caching feeds which no longer exist upstream, leading to confusion. And in a pinned down deterministic scenario the missing packages will still break / render other packages usable. E.g. I've a set of packages which are versioned and released together, only one of it was deleted, but other have a dependency on it. If it wouldn't be restored I would need to unlist the other packages to avoid confusion.

That's true and I agree. Do you have a link to your affected package repo?

[pascalberger]

There are cases where it matters that they are restored. There are now versions cached on caching feeds which no longer exist upstream, leading to confusion. And in a pinned down deterministic scenario the missing packages will still break / render other packages usable. E.g. I've a set of packages which are versioned and released together, only one of it was deleted, but other have a dependency on it. If it wouldn't be restored I would need to unlist the other packages to avoid confusion.

That's true and I agree. Do you have a link to your affected package repo?

Sure, the above example is https://www.nuget.org/packages/Cake.Frosting.Issues.PullRequests.AzureDevOps/5.6.0

[Frulfump]

Another status update that haven't been mentioned in this discussion.
https://status.nuget.org/ (Still can't link to individual status updates)

~14 hours ago (2025-07-17T00:19:24Z)

All NuGet packages mistakenly deleted (in response to Microsoft.Identity.Client phishing URL incident) have been restored, listed and fully available back on NuGet.org. We have individually communicated to the impacted authors.

Hoping for that detailed report very soon!

[pascalberger]

First, thanks for restoring the packages.

Honestly, I'm still not happy how this issue is handled:

This status on nuget.org sounds good, but Impacted owners will also be individually notified was not true in my case. As a package author, I neither was notified when the package was deleted, nor when it was restored, nor when it was unlisted, nor did get a reply to my message to support to which I was pointed to. Nada.

Looking forward to hearing the RCA and getting answers to the questions raised by others in this issue.

[Frulfump]

I agree with that. I also think they should've provided that status update in this discussion as part of proper incident response and not force us to manually check status.nuget.org (I didn't know there had been an update before your comment.)

[Frulfump]

Seems one maintainer received an email apology very recently

serilog-mssql/serilog-sinks-mssqlserver#624 (comment)

Hello,

We’re reaching out regarding your NuGet package "Serilog.Sinks.MSSqlServer" that was recently, wrongly removed from NuGet.org. We sincerely apologize for the disruption this may have caused!

Due to a detection related to a phishing URL embedded in a transitive dependency, your package was incorrectly flagged and removed from NuGet.org. This action was not intended and we are taking steps to prevent this from happening again. We will share more details in the next few days in a public announcement.

We’ve since restored your package and taken steps to ensure it passes validation. If you encounter any issues or have questions, please don’t hesitate to contact us directly.

To stay informed about platform status and updates about this incident, you can follow the NuGet Status Page: https://status.nuget.org.

Thank you for your understanding and for being part of the NuGet community! 🙏

Best Regards,
NuGet Admin
(tracking: 80c2ec86)

Privacy Statement

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052, USA

[pascalberger]

I now also received one, after I've written the above complain. Still don't get the order of actions, package was already restored over a day ago. Status is also 11 hours old. Emails usually travel pretty fast :-)

[Aaronontheweb]

We also received one of these - so it sounds like an automated malware detection system was responsible for this?

[Frulfump]

Yeah seems like it.

[Frulfump]

I created a feature request here #14425 for allowing you to check if any package in your dependency graph has been deleted. By adding a new command dotnet list package --deleted
Rationale from the issue:

But today you would be blissfully unaware until you try to re-build your application or package that's dependent on a deleted package.
Moreover if your application or package is never re-built you would never know. And for some of the reasons you would very much like to not be dependent on that version anymore and have that in Production.

But maybe you have some CI that runs (using a package cache) and you still wouldn't know that the upstream package has been deleted. In those cases it would help if you could include dotnet list package --deleted and by default fail your build if any are detected.

[seaniyer]

After fully restoring the deleted packages, we have published a detailed update from the Root Cause Analysis/Postmortem. Our sincere thanks for your input, patience and understanding.