Bug Package allows referencing assets outside package

One of the reasons we're looking at packages is to have some form of safety on interdependent linking of assets for the assets we use across multiple projects. I come from a Maven/Gradle background and a core tenet of a package there (and afaik, anywhere) is that it cannot link to outside references, unless specified as a dependency.

As far as I can tell, Unity doesn't restrict linking assets that exist outside the package. Is this a correct?

Per example, given the following assets:

- `/Assets/a.prefab`
- `/Packages/com.company.test/b.prefab`

Prefab `b` is currently able to reference prefab `a`, which exists outside the package.
(Tested through a script that accepts `GameObject` references)

This to me seems like incorrect behavior and requires the user to always be vigilant to not incorrectly link to outside assets. Is there some strict mode I can enable, or some other solution?

 

Greetings!

Apologies for the delay in reply here. I've not forgotten about you and just waiting to hear back regarding a response.

 

Thank you, we eagerly await the reply!

 

Hello there!

Since the package "A" is embeded, it means that it becomes part of the project.

But - if that same package was a file reference, then "B" should not be able to reference it. This is not desirable, but the Asset Database currently does not enforce limitations on asset references to prevent an asset from referencing another that does not belong in a dependency

For instance, package com.company.test does not depend on the project Assets - so conceptually speaking, prefab B referencing prefab A is a mistake, but one we cannot/don't validate.

 

Thank you for following up on this and getting back to me.
I assume that this is then now logged and is something that (at some point) will be picked up (for file based reference packages)?

 

One of the main issues that introducing this constraint would bring is that probably all user projects and packages, and quite a few Unity packages, would break: the constraint would disallow something that is freely doable today.

The only way this could be introduced would be in stages: as an option first (so that users could willingly turn it on, then one LTS cycle later enable it by default (and either assuming we'll break most user projects, or making sure there's a painless/easy upgrade path).

For the moment, there is no plan in place to eventually do this but the team have acknowledged that this feature is quite desirable so it may be the case that over time, this comes to fruition.

 

Understandable - I would definitely recommend that the option to turn it on per package be explored ASAP because Unity has signaled to package developers that UPM is the way forward and all development now happens in that context.

Creating a save-reaction that verifies that any GUIDs serialized into an asset are inside the package of the asset was rather straight forward, but it is something we can't integrate into our Unity workflow because there is no first-class support for it. Which in turn made it relatively useless from a workflow perspective and only usable in various build steps or else risk slowing down Unity too much.