You get commercial support and maintenance for the open source dependencies you use to build your applications, backed by the project maintainers. Save time, reduce risk, and improve code health.
Tidelift uses a layered approach to keep your open source dependencies trouble-free and enterprise-ready.
These three layers (tools, management, and maintainers) make up a complete solution based on open source best practices.
On our overview, we roll up some metrics to track over time across all your projects: security vulnerabilities, licensing concerns, unmaintained packages, and outdated packages.
When most teams first analyze their dependencies, they find hundreds of issues that would be worth addressing. Tidelift surfaces the few we suggest tackling this week.
Zooming in to a single repository, we show you detailed information about potential issues and a searchable, CSV-exportable catalog of the packages the repo depends on. To help you solve issues, we show recommendations powered by our network of upstream maintainers.
You can block code changes that make your dependencies worse on any of the dimensions we cover—including security, licensing, and maintenance. Configure your policy for which issues fail a build, and then add a check to any CI system you use. If you use GitHub.com, you can also configure our app to verify PRs.
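The kind of check described above, as an added illustration rather than Tidelift's own tool or report format: it assumes a hypothetical list of findings per commit (one per package, version and dimension), applies a policy covering security severity, license allowlist and maintenance status, and blocks a change only when it introduces a violation the base branch did not already have, so pre-existing debt never blocks a PR by itself. The package names and findings are constructed for the example.

```python
"""Policy gate for dependency changes in CI (constructed example).

Illustrative code added to this page; not Tidelift's tool, CLI or report
format. Findings are assumed to arrive as one record per (package, version,
dimension) for the base branch and for the proposed change.
"""
from dataclasses import dataclass
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    kind: str    # "security", "licensing" or "maintenance"
    detail: str  # severity, SPDX license id, or "unmaintained"


@dataclass(frozen=True)
class Policy:
    # Fail on vulnerabilities at or above this severity.
    fail_security_at: str = "high"
    # Licenses a dependency may carry without blocking the build.
    allowed_licenses: frozenset = frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"})
    fail_on_unmaintained: bool = True


def violates(finding: Finding, policy: Policy) -> bool:
    """True if a single finding breaks the policy on its dimension."""
    if finding.kind == "security":
        threshold = SEVERITY_RANK[policy.fail_security_at]
        return SEVERITY_RANK.get(finding.detail.lower(), 0) >= threshold
    if finding.kind == "licensing":
        return finding.detail not in policy.allowed_licenses
    if finding.kind == "maintenance":
        return policy.fail_on_unmaintained and finding.detail == "unmaintained"
    raise ValueError(f"unknown finding kind: {finding.kind}")


def new_violations(base, head, policy: Policy):
    """Violations present in the proposed change but absent from the base.

    Pre-existing debt is deliberately excluded: the gate blocks a change for
    making the dependency set worse, not for inheriting old problems.
    """
    base_bad = {f for f in base if violates(f, policy)}
    head_bad = {f for f in head if violates(f, policy)}
    return sorted(head_bad - base_bad, key=lambda f: (f.kind, f.package))


def gate(base, head, policy: Policy):
    """Return (exit_code, messages); exit code 1 means block the change."""
    introduced = new_violations(base, head, policy)
    msgs = [f"{f.kind}: {f.package}@{f.version} ({f.detail})" for f in introduced]
    return (1 if introduced else 0), msgs


# Constructed sample (fictional package names). The base branch already has
# one high-severity vulnerability; the change removes it but adds a
# GPL-licensed package, an unmaintained package, and a medium-severity issue
# that sits below the policy threshold.
BASE = [
    Finding("fakehttp", "2.0.0", "security", "high"),
    Finding("fakepad", "1.3.0", "licensing", "MIT"),
]
HEAD = [
    Finding("fakepad", "1.3.0", "licensing", "MIT"),
    Finding("fakegpltool", "0.1.0", "licensing", "GPL-3.0-only"),
    Finding("fakeoldlib", "0.9.2", "maintenance", "unmaintained"),
    Finding("fakehttp", "2.1.0", "security", "medium"),
]

if __name__ == "__main__":
    code, messages = gate(BASE, HEAD, Policy())
    for line in messages:
        print("BLOCKED:", line)
    sys.exit(code)
```

Wire the script into any CI job as the last step so a non-zero exit fails the build; the same comparison works for a PR check by feeding the target branch as `base` and the PR head as `head`.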
We’re the only solution that manages core, mission-critical open source packages on your behalf, including researching and resolving security, licensing, and maintenance issues. We do this by partnering directly with the open source maintainers and helping you select the best packages and versions.
The Tidelift Subscription goes beyond fixing past mistakes. We also give you assurances about the future: we pay maintainers to stick around, so you don't have to keep jumping to new packages. We also work with maintainers to adopt best practices on security and licensing.