10 critical things to know before depending on an open source project

Open source has become the de facto application development platform. Most organizations rely on open source both because of its inherent advantages, but also because in many cases there is literally no other option. 

When pulling new open source dependencies into your application, you need to ensure you are making smart decisions that don’t open up your organization to risk. So how should you go about doing the research?

Tidelift co-founder and chief architect Havoc Pennington, Tidelift VP of product Lauren Hanford and Tidelift principal product manager Bill Nottingham shared the 10 critical things to know before depending on an open source project. 

They will help you understand how you can get the information you need to make smart decisions before pulling a project into your dependency tree, such as:

• Is the project abandoned or is it actively maintained and receiving fixes?
• Is the project deprecated?
• Who are the maintainers behind the project?
• Who has publishing rights on upstream package managers?

They explained how Tidelift works directly with open source maintainers to get the answers to those vital questions. Then they showed how Tidelift automates the data collection, curates and structures the data, and provides APIs to help you easily pull this data into existing workflows and business intelligence tools.