Tidelift can track non-public and internally-developed packages included in your projects. These packages are referred to as internal packages.
With internal packages you can:
- View these in your project's bill of materials
- Include these in a catalog; setting approve and deny decisions about each release
- Set license information for internal packages
Given that these packages are not publicly tracked by Tidelift, we do not provide the following:
- License research, security vulnerabilities, security vulnerability recommendations, or maintenance information
- Automatic identification of new releases
Tidelift automatically identifies and labels all non-public packages as an internal package. If a package is internal, it will be annotated with a "This is an internal package" description at the top of the package page.