<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Lifter tasks

Get paid to validate your packages meet important industry standards.


What are lifter tasks? 

When you partner with Tidelift as a maintainer, you’ll be working with us to ensure your projects meet important, maintainer-validated industry standards. A lifter is a Tidelift maintainer partner—learn more about being a lifter here. Lifter tasks are actions you can take, presented in an efficient management dashboard, to keep your projects at a level of maturity that enterprise customers expect.

Here is the most current set of tasks applicable to lifters, and are subject to change over time to reflect the needs of the open source ecosystem:

Confirm that this additional layer of security is enabled on your GitHub account, if there is one on record

Confirm that this additional layer of security is enabled for the package manager level where new versions are distributed

Set source repository URL

Provide the correct link to the repository for this package

Confirm that you have reviewed and confirmed that only authorized the right people have access to manage releases for your package(s)

Provide detailed, conditional feedback on the vulnerabilities found in your package(s) so subscribers have the most accurate source of truth for the vulnerability

Set the versioning scheme the package uses to better understand which releases may have breaking changes

Clearly document that license type that has been assigned for your package(s)

Confirm there is a process in place for handling vulnerabilities found in your package(s)

Confirm which versions you are willing to provide security updates for and if you will offer subscribers any additional level of updates beyond what you offer all users

Why do these tasks matter? 

At Tidelift, our mission is to make open source work better—for everyone. We want to help improve the health and resilience of open source by working with you to implement security and maintenance standards that have been verified as valuable by your fellow open source maintainers. 

We want to minimize the occurrence of open source supply chain attacks by improving the health and resilience of your open source package by asking you to implement standards that have been verified by your fellow open source maintainers. Open source packages such as urllib3, jackson-core, and byte-buddy have already seen marked improvements in their health scores as measured by the OpenSSF Scorecards after implementing these standards.






How do I manage multiple packages?

With our dashboard, you can lift and see all of your packages, and the tasks required to keep them healthy and secure.

"Being lifted is like getting a record deal, or winning the lottery, or some other fantastic event that is hard to believe is real. It's … quite a privilege to be paid to do open source work."

- Alex Clark, Pillow

Ready to get started? 

Sign up today