dotnet-modernize
Analyze existing .NET code for modernization opportunities. Identifies outdated target frameworks, deprecated packages, superseded API patterns, and missing modern best practices. Provides actionable recommendations for each finding.
Scope boundary: This skill flags opportunities only. For actual migration paths, polyfill strategies, multi-targeting guidance, and step-by-step version upgrade procedures, see [skill:dotnet-version-upgrade] and [skill:dotnet-multi-targeting].
Prerequisites: Run [skill:dotnet-version-detection] first to determine the current SDK, TFM, and language version. Run [skill:dotnet-project-analysis] to understand solution structure and dependencies.
Cross-references: [skill:dotnet-project-structure] for modern layout conventions, [skill:dotnet-add-analyzers] for analyzer-based detection of deprecated patterns, [skill:dotnet-scaffold-project] for the target state of a fully modernized project.
Modernization Checklist
Run through this checklist against the existing codebase. Each section identifies what to look for and what the modern replacement is.
1. Target Framework
| Current TFM | Status | Recommendation |
|---|
| LTS -- supported until Nov 2026 | Plan upgrade to (LTS) |
| STS -- support ends May 2026 | Upgrade to promptly |
| End of life | Upgrade immediately |
| End of life | Upgrade immediately |
| or lower | End of life | Upgrade immediately |
| Supported (library compat) | Keep if multi-targeting for broad reach |
| End of life | Upgrade immediately |
| Legacy | Evaluate migration feasibility |
To scan all projects:
bash
# Find all TFMs in the solution
find . -name "*.csproj" -exec grep -h "TargetFramework" {} \; | sort -u
# Check Directory.Build.props
grep "TargetFramework" Directory.Build.props 2>/dev/null
2. Deprecated and Superseded Packages
Scan
(or individual
files) for packages that have been superseded:
| Deprecated Package | Replacement | Since |
|---|
Microsoft.Extensions.Http.Polly
| Microsoft.Extensions.Http.Resilience
| .NET 8 |
| (new projects) | | .NET Core 3.0+ |
Microsoft.AspNetCore.Mvc.NewtonsoftJson
| Built-in STJ | .NET Core 3.0+ |
| Built-in OpenAPI (Microsoft.AspNetCore.OpenApi
| .NET 9 |
| Built-in OpenAPI for document generation; keep NSwag if using client generation or Swagger UI features | .NET 9 |
Microsoft.Extensions.Logging.Log4Net.AspNetCore
| Built-in logging + or | .NET Core 2.0+ |
Microsoft.AspNetCore.Authentication.JwtBearer
| Remove explicit PackageReference — included in shared framework | .NET Core 3.0+ |
| | .NET Core 3.0+ |
Microsoft.Azure.Storage.*
| | 2020+ |
| / | 2020+ |
Microsoft.Azure.ServiceBus
| Azure.Messaging.ServiceBus
| 2020+ |
Microsoft.Azure.EventHubs
| Azure.Messaging.EventHubs
| 2020+ |
| (EF6) | Microsoft.EntityFrameworkCore
| .NET Core 1.0+ |
| (older versions) | + | .NET Core+ |
| Manual mapping or source-generated mappers | Preference |
To scan for deprecated packages:
bash
# List all package references
grep -rh "PackageVersion\|PackageReference" \
Directory.Packages.props $(find . -name "*.csproj") 2>/dev/null | \
grep -i "Include=" | sort -u
Note on Newtonsoft.Json: Existing projects with deep Newtonsoft.Json usage (custom converters,
manipulation) may not benefit from immediate migration. Flag it but assess the migration cost.
3. Superseded API Patterns
Look for code patterns that have modern replacements:
Startup.cs / Program.cs Pattern
Old (pre-.NET 6):
csharp
public class Startup
{
public void ConfigureServices(IServiceCollection services) { }
public void Configure(IApplicationBuilder app) { }
}
Modern (minimal hosting):
csharp
var builder = WebApplication.CreateBuilder(args);
// ConfigureServices equivalent
var app = builder.Build();
// Configure equivalent
app.Run();
HttpClient Registration
Old:
csharp
services.AddHttpClient<MyService>(client =>
{
client.BaseAddress = new Uri("https://api.example.com");
})
.AddTransientHttpErrorPolicy(p => p.WaitAndRetryAsync(3, _ => TimeSpan.FromMilliseconds(300)));
Modern (with Microsoft.Extensions.Resilience):
csharp
services.AddHttpClient<MyService>(client =>
{
client.BaseAddress = new Uri("https://api.example.com");
})
.AddStandardResilienceHandler();
Synchronous I/O
Flag: ,
,
without
suffix.
Modern: Use
variants --
,
,
await httpClient.GetAsync()
.
String Concatenation in Hot Paths
Flag: String concatenation (
) or
in logging, loops.
Modern: Use string interpolation with
source generators, or
.
Legacy Collection Patterns
Flag: ,
, non-generic collections.
Modern: ,
, generic collections.
ILogger Pattern
Old:
csharp
_logger.LogInformation("Processing order {OrderId}", orderId);
Modern (high-performance):
csharp
[LoggerMessage(Level = LogLevel.Information, Message = "Processing order {OrderId}")]
static partial void LogProcessingOrder(ILogger logger, string orderId);
4. Missing Modern Build Configuration
Check for the absence of recommended build infrastructure:
| Missing | Check | Recommendation |
|---|
| Central Package Management | No | See [skill:dotnet-project-structure] |
| Directory.Build.props | Properties scattered across files | Centralize shared properties |
| .editorconfig | No at repo root | See [skill:dotnet-project-structure] |
| global.json | No SDK pinning | Add for reproducible builds |
| NuGet audit | No property | Enable in |
| Lock files | No RestorePackagesWithLockFile
| Enable for deterministic restores |
| Package source mapping | No in | Add for supply-chain security |
| Analyzers | No or | See [skill:dotnet-add-analyzers] |
| SourceLink | No SourceLink package reference | Add for debugger source navigation |
| Nullable reference types | not enabled | Enable globally |
| .slnx | Still using with .NET 9+ SDK | Migrate with |
5. Deprecated C# Language Patterns
| Old Pattern | Modern Replacement | Language Version |
|---|
| statement with | expression | C# 8 |
| / checks | | C# 9 |
| with obvious type | Target-typed | C# 9 |
| Block-scoped namespaces | File-scoped namespaces | C# 10 |
| explicit constructor | with positional parameters | C# 10 |
| Manual string concatenation for multi-line | Raw string literals () | C# 11 |
| Explicit interface dispatch for | Generic math interfaces | C# 11 |
| enum manual checks | Improved enum pattern matching | C# 11+ |
| Lambda without natural type | Natural function types | C# 10+ |
| manual wrapping | / with patterns | C# all |
| Primary constructor classes (manual) | Primary constructors on / | C# 12 |
| Multiple / type checks | on type with list patterns | C# 11+ |
| , collections | C# 13 |
| Lock with | | C# 13 |
6. Security and Compliance
| Issue | Detection | Fix |
|---|
| Known vulnerabilities | dotnet list package --vulnerable
| Update affected packages |
| Deprecated packages | dotnet list package --deprecated
| Replace with successors |
| Outdated packages | dotnet list package --outdated
| Evaluate updates |
| Missing HTTPS redirection | No app.UseHttpsRedirection()
| Add to pipeline |
| Missing HSTS | No | Add for production |
| Hardcoded secrets | Connection strings in | Use User Secrets or Key Vault |
bash
# Run all NuGet audits
dotnet list package --vulnerable --include-transitive
dotnet list package --deprecated
dotnet list package --outdated
Running a Modernization Scan
Combine the checks into a systematic scan:
bash
# 1. Check TFMs
echo "=== Target Frameworks ==="
find . -name "*.csproj" -exec grep -Hl "TargetFramework" {} \; | while read f; do
echo "$f: $(grep -o '<TargetFramework[s]*>[^<]*' "$f" | head -1)"
done
# 2. Check for deprecated packages
echo "=== Package Audit ==="
dotnet list package --deprecated 2>/dev/null
dotnet list package --vulnerable --include-transitive 2>/dev/null
# 3. Check build infrastructure
echo "=== Build Infrastructure ==="
test -f Directory.Build.props && echo "OK: Directory.Build.props" || echo "MISSING: Directory.Build.props"
test -f Directory.Packages.props && echo "OK: Directory.Packages.props (CPM)" || echo "MISSING: Directory.Packages.props"
test -f .editorconfig && echo "OK: .editorconfig" || echo "MISSING: .editorconfig"
test -f global.json && echo "OK: global.json" || echo "MISSING: global.json"
test -f nuget.config && echo "OK: nuget.config" || echo "MISSING: nuget.config"
# 4. Check for old patterns in code
echo "=== Code Patterns ==="
grep -rl "class Startup" --include="*.cs" . 2>/dev/null && echo "FOUND: Legacy Startup.cs pattern"
grep -rl "Microsoft.Extensions.Http.Polly" --include="*.csproj" --include="*.props" . 2>/dev/null && echo "FOUND: Deprecated Polly package"
grep -rl "Swashbuckle" --include="*.csproj" --include="*.props" . 2>/dev/null && echo "FOUND: Swashbuckle (consider built-in OpenAPI for .NET 9+)"
grep -rl "System.Data.SqlClient" --include="*.csproj" --include="*.props" . 2>/dev/null && echo "FOUND: System.Data.SqlClient (use Microsoft.Data.SqlClient)"
Prioritizing Modernization
Not all modernization is equally urgent. Prioritize by impact:
- Security -- vulnerable packages, end-of-life TFMs (no security patches)
- Supportability -- deprecated packages with no upstream maintenance
- Performance -- patterns with significant perf impact (sync-over-async, legacy collections in hot paths)
- Developer experience -- build infrastructure (CPM, analyzers, editorconfig) improves daily workflow
- Code style -- language pattern updates are lowest priority but reduce cognitive load over time
What's Next
This skill flags modernization opportunities. For executing upgrades:
- TFM version upgrades and migration paths -- [skill:dotnet-version-upgrade]
- Multi-targeting strategies -- [skill:dotnet-multi-targeting]
- Polyfill packages for cross-version support -- [skill:dotnet-multi-targeting]
- Adding missing build infrastructure -- [skill:dotnet-project-structure], [skill:dotnet-scaffold-project]
- Configuring analyzers -- [skill:dotnet-add-analyzers]
- Adding CI/CD -- [skill:dotnet-add-ci]
References