A tour of the Tidelift Subscription

Enterprise-ready software—managed for you

The Tidelift Subscription is a managed open source subscription for application dependencies covering millions of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more.

You get commercial support and maintenance for the open source dependencies you use to build your applications, backed by the project maintainers. Save time, reduce risk, and improve code health.



How does it work?

Tidelift uses a layered approach to keep your open source dependencies trouble-free and enterprise-ready.

  • Tools. We provide tools to keep track of all the dependencies you use, flag issues, and enforce policies.
  • Management. We manage core, mission-critical packages on your behalf, including researching and resolving issues so you don't have to anymore.
  • Maintainers. We recruit maintainers for many important projects and pay them to proactively prevent problems and address the root causes of issues.

These three layers, tools, management, and maintainers, make up a complete solution based on open source best practices.

Key features


Know where you stand

On our overview, we roll up some metrics to track over time across all your projects: security vulnerabilities, licensing concerns, unmaintained packages, and outdated packages.

Continuously improve

When most teams first analyze their dependencies, they have hundreds of problems it might be nice to address. Tidelift surfaces a few that we suggest tackling this week.





Dive into the details

Zooming in to a single repository, we show you detailed information about potential issues and a searchable, CSV-exportable catalog of the packages the repo depends on. To help you solve issues, we show recommendations powered by our network of upstream maintainers.


Prevent regressions

You can block code changes that make your dependencies worse on any of the dimensions we cover—including security, licensing, and maintenance. Configure your policy for which issues fail a build, and then add a check to any CI system you use. If you use GitHub.com, you can also configure our app to verify PRs.






See issues resolved for you

We’re the only solution that manages core, mission-critical open source packages on your behalf, including researching and resolving security, licensing, and maintenance issues. We do this by partnering directly with the open source maintainers and helping you select the best packages and versions.


Be on top of things proactively

The Tidelift Subscription goes beyond fixing past mistakes. We also give you assurances about the future: we pay maintainers to stick around, so you don't have to keep jumping to new packages. We also work with maintainers to adopt best practices on security and licensing.




The Tidelift Subscription is a comprehensive solution

Together with our network of creators and maintainers, we're giving you a comprehensive managed open source solution that saves your team’s time, while reducing risk and improving code health.
