How it works
Few teams are building applications using only one open source ecosystem. Instead, they have hundreds to thousands of dependencies from package managers such as Maven, RubyGems, and npm.
The Tidelift Subscription gives you one source for professionally supported open source. Here's how it works.
- We use automated tools integrated with your existing GitHub workflow to understand exactly which packages you actually use—your full dependency graph, including indirect dependencies.
- We define uniform standards for commercial-grade maintenance, security, and legal vetting.
- We enlist—and pay—the upstream projects themselves to keep your dependencies maintained to these uniform standards.
- We keep you informed and updated about your dependencies—whether there's a new security issue or an exciting new feature, you'll be the first to know.
- When packages fail to meet our standards, we'll get them fixed.
- Subscriptions cover core packages you've heard of, but also the deep dependency graph of 1000+ packages found in typical applications.
Talk to us about coverage for the open source software you use