
Over $1M now available to pay open source maintainers!

The Tidelift Subscription

The software you already use. The professional support you need. Directly from the experts who know it best.


Develop and deploy with confidence

The Tidelift Subscription provides commercial-grade security updates, maintenance, and legal assurances for the open source projects you depend on, provided directly by the experts who created them.

What's included

Open source projects
Open source projects with the Tidelift Subscription

  • Freely available open source code
  • Security: Timely notifications and help addressing vulnerabilities
  • Maintenance: Assurance of ongoing high-quality maintenance into the future
  • Licensing: Legal assurances documenting license status and whether current usage is compatible
  • Comprehensive view: A clear way to understand all of your organization’s open source dependencies and better manage risk




Pay the maintainers with one subscription: Buy one subscription directly from Tidelift and you’ll be supporting the components you use and the people who create and maintain them, throughout your dependency graph.

Manage all of your open source dependencies: A clear, centralized way to understand more about the components you count on, including how widely they are used, how well supported they are, and whether there are other options available.

Comprehensive perspective: Tidelift tracks over 3.1 million open source projects. We provide a single view that covers all of the open source stacks, languages, frameworks, and components across your organization.


Uniform standards: We understand commercial expectations and help all the open source packages you use meet them by directly providing funding, information, and resources to maintainers.

Live monitoring and warnings: Is your project pulling in outdated, insecure, or improperly licensed components? We flag and prioritize the issues, while providing the relevant context to inform your decisions.

Maintenance: We’ll help you stay on actively maintained, high-quality dependencies for years to come, saving your development team from tedious maintenance tasks and keeping them focused on what’s important for your business.


Simple automation: Seamlessly integrates with your existing developer workflow to review your code base and dependencies with every pull request and check-in.

Use the same code you already use: No need to adopt a vendor-blessed stack. We work directly with upstream maintainers to make the components you are already using more dependable.

How it works

Few teams build applications using only one open source ecosystem. Instead, they have hundreds to thousands of dependencies from package managers such as Maven, RubyGems, and npm.

The Tidelift Subscription gives you one source for professionally supported open source. Here's how it works.

  • We use automated tools integrated with your existing GitHub workflow to understand exactly which packages you actually use—your full dependency graph, including indirect dependencies.
  • We define uniform standards for commercial-grade maintenance, security, and legal vetting.
  • We enlist—and pay—the upstream projects themselves to keep your dependencies maintained to these uniform standards.
  • We keep you informed and updated about your dependencies—whether there's a new security issue or an exciting new feature, you'll be the first to know.
  • When packages fail to meet our standards, we'll get them fixed.
  • Subscriptions cover core packages you've heard of, but also the deep dependency graph of 1000+ packages found in typical applications.

Talk to us about coverage for the open source software you use


Featured packages supported by the Tidelift Subscription

  • vue
  • babel
  • material-ui
  • fabric
  • doctrine
  • gulp
  • vuetify
  • celery
  • nuxt
  • mongoose
  • marshmallow
  • cherrypy
  • proxy-manager


The definitive guide to professional open source

Best practices for responsibly using open source components in your organization
