Supporting less well known, but widely used, packages is an express goal of Tidelift.
Here's how we do it: When professional teams subscribe to Tidelift, we identify all of the open source dependencies they rely on, including the “hidden” transitive dependencies. Then, we partner with the individuals and teams who maintain those packages to provide security, licensing, and maintenance assurances. In exchange for maintaining their packages as part of the Tidelift Subscription, we deliver a predictable income stream to those open source creators.
Supporting less well known, but widely used, packages is an express goal of Tidelift.
Here's how we do it: When professional teams subscribe to Tidelift, we identify all of the open source dependencies they rely on, including the “hidden” transitive dependencies. Then, we partner with the individuals and teams who maintain those packages to provide security, licensing, and maintenance assurances. In exchange for maintaining their packages as part of the Tidelift Subscription, we deliver a predictable income stream to those open source creators.
For more on our approach, check out:
blog.tidelift.com/open-source-the-...