When you purchase the Tidelift Subscription, we work on your behalf with the creators and maintainers of your specific open source dependencies to keep them in top shape. We also add services, advice, and indemnification around these dependencies.
The Tidelift Subscription includes a powerful set of software tools that help you track which packages you use, know when to apply recommended updates, and see how Tidelift's network of maintainers helps you over time.
Here's a tour of how subscribers use the Tidelift software tools.
On our overview, we roll up some metrics to track over time across all your projects: security vulnerabilities, licensing concerns, unmaintained packages, and outdated packages.
When most teams first analyze their dependencies, they have hundreds of problems it might be nice to address. Tidelift surfaces a few that we suggest tackling this week.
Zooming in to a single repository, we show you detailed information about potential issues and a searchable, CSV-exportable catalog of the packages the repo depends on. To help you solve issues, we show recommendations powered by our network of upstream maintainers.
You can block code changes that make your dependencies worse on any of the dimensions we cover—including security, licensing, and maintenance. Configure your policy for which issues fail a build, and then add a check to any CI system you use. If you use GitHub.com, you can also configure our app to verify PRs.
We're showing you problems, but we're also bringing you solutions—that's the power of our network of creators and maintainers. If you depend on a package directly, you can fix problems with it. But most of the packages you use are dependencies-of-dependencies… we ask maintainers participating in the Tidelift network to fix those for you.
The Tidelift Subscription goes beyond fixing past mistakes. We also give you assurances about the future: we pay maintainers to stick around, so you don't have to keep jumping to new packages. We also work with maintainers to adopt best practices on security and licensing.
Together with our network of creators and maintainers, we're giving you a managed open source stack so you get your team's time back. Take this worry off your plate.
Want to get a taste? We have a self-service free dependency analyzer—we'll show you where you stand at a high level, and give you three actionable suggestions to address today.