After a package is uploaded provide generic validation hook which validates the package before adding it to the repository. Upload should fail if validation failed.
The validation hook might be script based or an external executable which provides exit codes to signal validity of package. The validation should have access at least to the following information:
- Package file and it's contents
- Package type
- Repository name
A NuGet package can be validated (e.g. license URL provided, package id fits certain conventions, ...) during the upload sequence but before added to the feed.