Guides and reports

Learn how to proactively reduce security risk from bad open source packages and use open source with confidence with the Tidelift Subscription.

The easiest way to avoid having to replace problematic open source dependencies is to not bring them in at all. Learn more in our newest inforgraphic.

Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Recently, the White House issued a much anticipated executive order on improving the cybersecurity of the United States.

We thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

Learn how a managed open source strategy can help ensure that the components you use to build applications consistently adhere to security best practices.

We explain important licensing considerations for any team using open source components.

Learn how to quickly and safely choose the best packages for your application development projects.