Managing the complexities of modular software

Last week, I took a dive into the world of JavaScript and NPM (its largest package manager), exploring the granularity of JavaScript software and the importance of package management in that ecosystem.

However, the trend towards modular software packaging in open source extends far beyond JavaScript.  What we find is that many of the largest languages and package managers exhibit a comparable level of modularity to JavaScript and NPM, tending towards small package sizes with many long tail packages that see minimal use.

But what impact does this have on your software development?

Keenan Szulik
Three ways to improve the sustainability of open source projects

Open source software has been astoundingly successful. Today, it is the basis upon which much of our technology is built, technology that keeps us warm, safe, and happy. Open source projects enable young developers to learn from veterans and entrepreneurs to build million-dollar companies in the space of months.

As great as open source is, we need to be looking out for its future.

Benjamin Nickolls
JavaScript, NPM, and the rise of granular software

In the last month, we’ve alluded to the relationship between package managers and small, modular packages on a couple of occasions, without explicitly diving into what that relationship looks like.

Package managers have a significant impact on the way that software is produced and consumed.  JavaScript, and its most prevalent package manager NPM, are an illustrative case.  (In future posts, I’ll examine how other package managers influence their respective software communities.)

Keenan Szulik
A brief history of package management

Application developers today are used to relying on and pulling in a number of open source libraries to help them focus on the functionality that’s important to their business. Rather than requiring you to find and download each of those libraries individually, though, most programming language ecosystems have a standard (or de facto standard) package manager that helps you to install and manage those libraries.

For Ruby, that’s RubyGems. For Python, there’s PyPI. In Java, it’s Maven. JavaScript? NPM. The list goes on. Libraries.io provides a great way to see this information for any of 36 package managers.

But if we step back in history to a time before any of these modern package managers existed, there was an earlier form of package management for Linux. In fact, Linux distributions have provided package managers for nearly 25 years now.

Jeremy Katz
Don't judge a project by its GitHub stars alone

Open source is now universally accepted and employed by developers and companies across the world.  This rise in popularity, though, has raised many questions about what exactly the new world of open source looks like.

  • What are the most popular open source languages?  

  • Which packages have had the greatest adoption?  

  • How many packages are actively being used?

As we started to ask questions like these, we realized we needed to simplify our questions a little bit.  When it comes down to it, do we even have ways of getting reliable answers to these questions?

Keenan Szulik
What makes a top open source package?

Open source is everywhere—not just in startups or big companies but in practically every development team and every language imaginable.

And now we have a chance to better understand just how widespread it really is.


Earlier this week I wrote about Libraries.io, specifically about how its dependent repositories count provides us with the best understanding of the usage and interconnectedness of a given open source package. Today we want to look at which packages are the most interconnected within their given ecosystems, and we’ll do this through the lens of the dependent repositories count.

Keenan Szulik
Revealing a world of hidden dependencies with Libraries.io

A couple of weeks ago, we announced that Tidelift had joined forces with Libraries.io to make open source software work better for developers and users.

Libraries.io has done a lot of amazing things—many of which Havoc already wrote about—but one of our favorites has been their open data releases, like the one last week, of the largest publicly-available dataset of open source software packages in the world!

This dataset is really unique in how well it helps us understand the inner workings of the open source universe, but there are a couple of particular aspects that really stand out for me.

Keenan Szulik
Our second Libraries.io open data release has arrived

Today we’re publishing another Libraries.io open data release with over 311 million rows of metadata about open source projects and the network of dependency data that connects them all.

Six months ago we published our first open data as part of our commitment to the Alfred P. Sloan and Ford Foundations. The data supports academics looking into trends in software development, investors to understand the success of projects they support, and developers to understand how their software is used more effectively than ever before.

Last week we announced that Libraries.io has joined forces with Tidelift to make open source software work better for developers and users. Libraries.io’s mission hasn’t changed and we’re going to continue publishing open data releases every quarter to build a stronger, more informed open source ecosystem.

Since our last release the Libraries.io dataset has grown significantly; today we’re releasing data on:

Andrew Nesbitt
An intro to Libraries.io, the universal catalog of open source

Havoc here! I’m one of the co-founders of Tidelift.

Last week we announced that Andrew Nesbitt and Ben Nickolls have joined Tidelift, bringing their Libraries.io project with them.

Libraries.io started as a side project, but Andrew and Ben spent the past year working on it full time thanks to grants from the Ford and Alfred P. Sloan Foundations. We were fortunate to get to know them and talk them into Tidelift as a long-term home for Libraries.io.

What is Libraries.io?

Simply put, Libraries.io is awesome. It’s a catalog of open source, but unlike many catalog-style sites, Libraries.io is completely language and ecosystem-agnostic. It strives to cover open source in its entirety. This means work on Libraries.io can benefit every ecosystem at once, and it means we can map relationships and make comparisons across ecosystems.

Havoc Pennington
Hello, Tidelift

10 PRINT "HELLO, WORLD"

Hello from Tidelift!

Our mission is to make open source software work better for developers and users.

We're a team of open source true believers, with a pragmatic bent.

We’re getting started, and we’d like to share some of our perspective and early activities.

Open Source is 💯

Open source is truly everywhere.  It powers financial markets, scientific discoveries, and that buzzing thing in your pocket.

Open source can level the playing field in fascinating ways.  At its best, it’s a way for developers to run with their ideas, regardless of geography or background.  

And billions of lines of open source code provide an amazing starting point for innovators of all kinds.

What we’ve collectively achieved with open source is incredible.

Donald Fischer