The Tidelift Subscription includes
a service for maintaining customized catalogs of open source package releases
a set of Tidelift-managed catalogs to use as a foundation for your customized catalogs
Each catalog contains a set of package releases and defines standards that those releases must meet. Managing a catalog involves updating the set of included package releases as required to keep it up to standard and meet user needs.
Tidelift's service and APIs are used to build customized catalogs, scan your own software projects, and align those projects to your catalogs. This service is created by Tidelift, and is distinct from the open source packages which make up your dependencies. Sign in to your Tidelift account to access this service.
We have a number of other package managers which are in beta; we welcome your feedback and experiences with those, but they are not yet subject to our service level agreement.
Working with maintainers, Tidelift manages a set of catalogs as part of the Tidelift service. Subscribers can build on the work we do in these catalogs to save time and effort managing their own customized catalogs.
All Tidelift-managed catalogs are included in the Tidelift Subscription.
Each Tidelift-managed catalog documents its own standards. A catalog contains a set of package releases, and Tidelift will update the releases in the catalog as required such that the catalog continues to meet its defined standards.
Working together with our network of partnered independent open source maintainers, Tidelift currently manages three catalogs.
Our license-annotated catalog has machine-readable, SPDX-format licenses on all packages in the catalog, enabling subscribers to apply an automated license policy. This catalog lets customers screen out unacceptable licenses without independently researching thousands of false positives—packages often have acceptable licenses that are not properly annotated. Our license annotations are advised and vetted by the maintainers behind Tidelift.
Our security-advised catalog provides advice and remediation around security vulnerabilities. Our network of maintainers helps us to provide the best advice, in particular avoiding false positives.
Our indemnified catalog provides IP protection in addition to the above license annotation and security advice standards.
If you're a Tidelift subscriber, please email support@tidelift.com and let us know how we can help! We are eager to know about any issue with our tools or your open source dependencies, and will do what we can to help.
When seeking support as part of your Tidelift Subscription, please do not contact an upstream project directly (for example by filing a GitHub issue). To ensure our participating maintainers know you're a subscriber and ensure we can track our SLA performance, we would like all Tidelift-related requests to originate through Tidelift channels.
Hours | 9am–5pm ET on business days |
Access | |
Severity 1 | 4 hours acknowledgement time |
Severity 2 | 8 hours |
Severity 3 | 24 hours |
Severity 4 | 48 hours |
Severity 1 | Any issue resulting in a full outage to the subscriber's production service. |
Severity 2 | An issue with a high impact on a subscriber's production service or a severe impact on their non-critical business operations. |
Severity 3 | An issue with a moderate impact on the subscriber's business operations or that disrupts a planned deployment. |
Severity 4 | An issue or question with low to no immediate impact on subscriber's business operations. |
The Tidelift Subscription uses a per development team pricing model. Your subscription is priced based on the number of development teams in your organization who are developing applications using the open source dependencies that are covered by the Tidelift Subscription, and the number of developers on those teams. We define a single team as up to 25 developers contributing to a shared application code base.
So if you have 200 developers who are using open source components in the applications they build, you would need a subscription that covers at least 200 developers. You can find the current details on our pricing page or by contacting a member of our sales team.