Fair question! One that is valid for any scalable package management service out there. Please allow us to explain the process in detail.

When publishing a package to any package management server, the endpoint needs to validate the package. After all, you don't want your package repository to become corrupt, do you?

In addition, many other functionality requires post-processing triggered by a package publish event (e.g. search indexing, license analysis or vulnerability scans). Most of this happens in the background, and priority of course goes to doing anything required to just make the package available on the feed.

The tricky part is to simultaneously also ensure consistent and fast package consumption, as this affects many more people than just the package author at publish-time. As always, there's a trade-off.

At MyGet, we try to process 95% of uploads within 2 minutes, 98% within 5 minutes. This usually works, but during busy times of the day there may be an occasional delay of up to 30 minutes.

Besides the above technical reasons, one may also consider some general guidance when it comes to package management processes.

Why do you need to have the package instantly available? Who do you package this component for?

Perhaps the consuming project really belongs in the same solution as the project producing the package?

In many cases, the latter has proven to be true, in which case you simply replace the package reference by a project reference and ensure both projects exist in the same source repository.

Of course, you can still produce the package for others to consume, and chance are very likely they are OK with waiting a few minutes for the package to appear as an available update for them to consume.

Did this answer your question?