jackson-databind
minimist
urllib3
SockJS
Pillow
Jordan Harband
Mongoose
Apache Commons
Vulnerable open source packages create risk that could potentially impact
your organization’s revenue, data, and business continuity.
Stop getting slowed down by bad packages that have been end-of-lifed, abandoned, or are insecure.
Start making better, proactive decisions about which packages to use—and which to avoid—so you can take advantage of the full innovative potential of open source.
by eliminating attack entry points through bad packages
by reducing vulnerability fire drills from insecure or undermaintained packages
by building with healthy and resilient open source packages
by saving costly manual package evaluation time
Our annual maintainer impact report shines a light on the most current and compelling evidence of the positive outcomes organizations can achieve when they invest directly in their open source software supply chain by paying maintainers.
Cisco’s internal development teams, using Corona enhanced with open source metadata provided by Tidelift, can now access insightful package metadata and gain additional insights into vulnerabilities.
The results of the 2024 Tidelift state of the open source maintainer report are live! In this year's survey, we identified 12 big headlines out of the data we collected from 400 open source maintainers.