Prioritize package migration away from lower-quality packages that Tidelift has identified as risky based on criteria such as end-of-life, deprecation, and lack of maintenance. This allows you to more holistically forecast and predict open source risk.
This report can help managers answer the following questions:
- Which of my in-use packages are not of high quality as determined by Tidelift?
- Why doesn’t Tidelift recommend this package?
This report contains the following columns:
- purl: The Package URL or the package.
- platform: The platform for the package.
- package_name: The name of the package.
- tidelift_recommendation: Tidelift's recommendation status for this package.
- tidelift_recommendation_reasons: Tidelift's recommendation for this package in plain english.
- production_projects_count: The number of projects using this package in production.
- non_production_projects_count: The number of projects using this package in a non-production environment.
- direct_projects_count: The number of projects importing this package directly.
- transitive_projects_count: The number of projects importing this package transitively.
- project_usage_link: A URL to see which of your projects use this package.
- package_link: A URL to the package in Tidelift.
- report_date: When the report was generated