Tidelift’s open source package intelligence data is researched and validated by Tidelift and our paid maintainer partners, and is available via the Tidelift Subscription. Tidelift automates the data collection, curates and structures the data, and provides APIs to easily integrate with existing workflows and business intelligence tools.
With the Tidelift Subscription, you’ll have access to:
Tidelift partners directly with the maintainers of thousands of the most popular open source packages and pays them to validate that they follow secure development practices like those outlined by government and industry, such as the NIST Secure Software Development Framework (SSDF) and the OpenSSF Scorecards project. This provides organizations with unique first-party, maintainer-sourced insights such as:
Tidelift aggregates data across multiple upstream package manager ecosystems and source repositories into a centralized and structured format. As part of this process, Tidelift enhances the data collected from various sources to produce insights such as:
The upstream data is analyzed and further researched by the Tidelift data science team with the aim of providing more contextualized insights for our customers. Packages and releases are analyzed on a number of criteria, producing insights such as: