Supported ecosystems

The Tidelift Subscription is compatible with open source packages from a variety of ecosystems, and we work with maintainers from all of these ecosystems.

Supported ecosystems:

The following ecosystems and package managers are supported as part of the Tidelift subscription.

  • Java (Maven)
  • JavaScript (npm)
  • Python (PyPI, conda)
  • Swift (Cocoapods)
  • Golang (Go)
  • Rust (Cargo)
  • C# (Nuget)
  • Ruby (Rubygems)

What does Tidelift provide when supporting an ecosystem?

1. Maintainers: Tidelift actively works to partner with and pay maintainers for packages in the ecosystem to ensure the viability and security of the software supply chain. Tidelift recruits new maintainers in the ecosystem based on customer usage and inquriy.

2. Security, licensing, and maintenance metadata: Tidelift automatically discovers new packages and releases, and researches vulnerability, licensing, and maintenance data from packages published on the main open source repositories for that ecosystem.

3. Software bills of materials (SBOMs): We understand and parse project files and can create a SBOM of direct and transitive dependencies.

Details of compatible ecosystems

Ecosystem Package manager Package repository Manifest file names Lock file names
Generic SBOM N/A N/A

cyclonedx.yml

cyclonedx.json

*.spdx

N/A
Java Maven Maven Central pom.xml  
Java Gradle Maven Central build.gradle  
JavaScript NPM NPM package.json

package-lock.json

npm-shrinkwrap.json

JavaScript Yarn NPM package.json yarn.lock
Python pip PyPI requirements.txt  
Python pipenv PyPI Pipfile Pipfile.lock
Python poetry PyPI pyproject.toml poetry.lock
Python conda

Main

Forge

environment.yml  
Golang go pkg.go.dev go.mod  
Swift cocoapods Cocoapods

Podfile

*.podspec

Podfile.lock
C# NuGet NuGet Gallery

*.csproj

project.assets.json

packages.lock.json
Ruby Rubygems Rubygems

Gemfile

Gemfile.lock
Rust Cargo Crates.io

Cargo.toml

Cargo.lock
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section