The more code you have, the more slowly your team moves. We've all been there. Faced with a business problem, you start to build software. As the code grows, you spend more and more of your team's capacity maintaining code you already have.
You're already outsourcing whatever you can, but some code can't be a service. SaaS takes software off your plate and puts it in the hands of a vendor, but it's tough to do this with a JSON parser, an ORM, or a web framework. That's when you pull open source packages into your application, "outsourcing" the initial development of reusable components and libraries. Without open source packages you'd spend the first two years of every project reinventing wheels.
Many assume that widely used open source software always gets maintained somehow. Nothing could be further from the truth; it's become an industry crisis. The Ford Foundation report Roads & Bridges did a lot to raise awareness, but we're reminded daily by crises like the recent hack of event-stream.
This is slowing your team down and draining their attention, and we haven't even talked about actually improving these packages, or keeping them in sync with new frameworks and architectures… who's doing those things?
For many packages, nobody is.
How much faster could you move if your dependencies had that last 10% of refinement: decent documentation, nicer error messages, removing that one annoying limitation with 107 upvotes on GitHub…
“We’ve lost half a day at release time because of a sudden vulnerability in a dependency and having to figure out whether to update and hope it doesn't break anything.”
What if you could have the flexibility of open source with the assurances of vendor-provided code? It'd be great to choose any open source you need from Maven Central, npm, Rubygems, PyPI, or wherever, and manage it all in one place. What if you could easily set up continuous tracking of your dependencies, and then have a straightforward list of issues to be aware of—all in one place?
That'd be great, but you'd still have to fix those issues. What if you could also get some proactive assurances that the list of issues will go down in the future—that your dependencies in particular won't have so many security, licensing, and maintenance problems to worry about? You'd have significantly more peace of mind around your open source stack.
That's the product we've built.
It's called the Tidelift Subscription. Here's how it works:
Ready to learn more?
How do we do it? We've set up software and business processes for our subscribers to manage all their open source packages, at scale. The two key elements:
Here's exactly what happens when you subscribe to Tidelift.