Tidelift can track non-public and internally-developed packages included in your projects. These packages are referred to as internal packages.
With internal packages you can:
- View them in your project's bill of materials
- Include them in a catalog; setting approve and deny decisions about each release
- Set their license information
Given that these packages are not publicly tracked by Tidelift, we do not provide the following:
- License research
- Security vulnerabilities
- Security vulnerability recommendations
- Maintenance information
- Automatic identification of new releases
Tidelift automatically identifies and labels all non-public packages as an internal package. If a package is internal, it will be annotated with a "This is an internal package" description at the top of the package page.