The Tidelift Subscription

The software you already use. The professional support you need. Directly from the experts who know it best.


Develop and deploy with confidence

The Tidelift Subscription delivers commercial-grade security updates, maintenance, and quality assurance for the open source projects you depend on, provided directly by the people who created them.

Tidelift subscription


Support for the open source software you already use.

Works with GitHub.


Tidelift subscription


Adds support for on-premise deployments including GitHub Enterprise.

Customized for large organizations.




Pay the maintainers with one subscription: Buy one subscription directly from Tidelift and you’ll be supporting the components you use and the people who create and maintain them, throughout your dependency graph.

Manage all of your open source dependencies: A clear, centralized way to understand more about the components you count on, including how widely they are used, how well supported they are, and whether there are other options available.

Comprehensive perspective: Tidelift tracks over 3.1 million open source projects. We provide a single view that covers all of the open source stacks, languages, frameworks, and components across your organization.


Uniform standards: We understand commercial expectations and help all the open source packages you use meet them by directly providing funding, information, and resources to maintainers.

Live monitoring and warnings: Is your project pulling in outdated, insecure, or improperly licensed components? We flag and prioritize the issues, while providing the relevant context to inform your decisions.

Maintenance: We’ll help you stay on actively maintained, high-quality dependencies for years to come, saving your development team from tedious maintenance tasks and keeping them focused on what’s important for your business.


Simple automation: Seamlessly integrates with your existing developer workflow to review your code base and dependencies with every pull request and check-in.

Use the same code you already use: No need to adopt a vendor-blessed stack. We work directly with upstream maintainers to make the components you are already using more dependable.

How it works

Few teams build applications using only one open source ecosystem. Instead, they have hundreds to thousands of dependencies from package managers such as Maven, RubyGems, and npm.

The Tidelift Subscription gives you one source for professionally supported open source. Here's how it works.

  • We use automated tools integrated with your existing GitHub workflow to understand exactly which packages you actually use—your full dependency graph, including indirect dependencies.
  • We define uniform standards for commercial-grade maintenance, security, and legal vetting.
  • We enlist—and pay—the upstream projects themselves to keep your dependencies maintained to these uniform standards.
  • We keep you informed and updated about your dependencies—whether there's a new security issue or an exciting new feature, you'll be the first to know.
  • When packages fail to meet our standards, we'll get them fixed.
  • Subscriptions cover core packages you've heard of, but also the deep dependency graph of 1000+ packages found in typical applications.

Talk to us about coverage for the open source software you use


Indexing 24 package manager ecosystems

  • Go
  • npm
  • Packagist
  • RubyGems
  • PyPI
  • NuGet
  • Maven
  • Bower
  • Hackage
  • CocoaPods
  • CPAN
  • Clojars
  • Meteor
  • CRAN
  • Cargo
  • Hex
  • Swift
  • Pub
  • Carthage
  • Dub
  • Julia
  • Shards
  • Haxelib
  • Elm


The definitive guide to professional open source

Best practices for responsibly using open source components in your organization
