The Tidelift Subscription

A managed open source subscription backed by creators and maintainers. Because unmaintained code slows you down and adds risk.

Try our free dependency analyzer


Have you ever faced a no-good-options "dependency hell" choice, like the one in this tweet?

The root cause: lack of maintenance. When open source code isn’t well maintained (often because the maintainers are volunteers!), your team picks up the pieces by taking on non-core work.

Let's count the ways teams spend time taking care of their dependencies:

  • Staying up to date with the latest bugfix versions.
  • Porting to new, incompatible major versions of frameworks, when the upstream project has no bandwidth to support old releases.
  • Dealing with issues caused by missing or unreliable package maintainers: you get to waste your team's time porting to a replacement package (best case) or risk a nasty trojan (worst case).
  • Handling requests from your legal department to list every package you're using, along with their licenses.
  • Documenting everything you use for your security team, and addressing live vulnerabilities.

Yes, open source is free—if your time is worth nothing.

This maintenance work is wasting your team’s time and draining their attention.



And what happens when something goes wrong?

We hope you've never been thrown under the bus in front of Congress, like the poor person who failed to update Apache Struts at Equifax.

It's absurd to blame this sort of maintenance failure on one person, rather than processes and practices. Those processes and practices take time to do well.

What if you could keep moving fast and not break things?

You're already outsourcing whatever you can, but some code can't be a service. That's when you pull open source packages into your application, "outsourcing" the initial development of reusable components and libraries. Without open source packages you'd spend the first two years of every project reinventing wheels.

But you haven't addressed the ongoing maintenance of these packages.

What if someone was proactively managing your open source dependencies for you, helping ensure they continue to get better and play well with each other and your own code? What if you could have the flexibility to bring in open source components with the confidence that they are being maintained well?

Want to see how healthy your open source dependencies are today?




The Tidelift Subscription manages your dependencies for you. How do we do it?

  • We provide the tools you need to continuously catalog and understand the open source software that your application depends on.
  • We partner with and pay the open source community maintainers of the exact packages you use, to ensure they meet the standards you require.
  • We address issues proactively, not only scanning for new security, licensing, and maintenance issues, but also working with our participating open source maintainers to resolve them on your behalf.
  • We help you measure and improve your open source dependencies' health—which improves your app’s health—and give you a short list of high-impact steps your team can take to improve them even more.
  • We add commercial assurances that don't come for free with open source packages, like intellectual property indemnification and support under a service level agreement. You expect these guarantees from proprietary software, and you should get them when using open source as well.

The end result? All of the capabilities you expect from commercial-grade software, for the full breadth of open source you use. That means less time grappling with esoteric open source trivia, and more time building your own applications—and your business.

Ready to see how the Tidelift Subscription would look with your codebase?




The Tidelift Subscription covers application development in JavaScript, Python, Ruby, PHP, Java, .NET and more:

  • vue-1
  • babel
  • material-ui-1
  • fabric
  • doctrine
  • gulp
  • vuetify
  • celery
  • nuxt
  • mongoose
  • Paramiko
  • marshmallow
  • cherrypy
  • proxy-manager
  • Carbon

Convince your team

Need some resources to help you make the case for bringing the Tidelift Subscription into your organization?


Download now


Tidelift subscription


A great start for teams of up to 25 developers

$1,500 per month
billed annually

Tidelift subscription


GitHub and CI support for up to 100 developers

Contact us for pricing

Tidelift subscription


Additional IP indemnification for larger teams

Contact us for pricing


Want to talk about how to maintain your dependencies better?

Tidelift can help your organization stay on top of the maintenance issues that come with using open source software. Want to discuss with one of our open source specialists?

Schedule a call