When pulling new open source dependencies into your application, you need to make smart decisions that don’t expose your organization to risk. So how should you go about doing the research?
Tidelift co-founder and chief architect Havoc Pennington, Tidelift VP of product Lauren Hanford and Tidelift principal product manager Bill Nottingham shared the 10 critical things to know before depending on an open source project.
They will help you understand how you can get the information you need to make smart decisions before pulling a project into your dependency tree, such as:
They explained how Tidelift works directly with open source maintainers to get the answers to those vital questions. Then they showed how Tidelift automates the data collection, curates and structures the data, and provides APIs to help you easily pull this data into existing workflows and business intelligence tools.