Using deprecated packages poses a risk to your organization. Deprecated packages are no longer actively maintained, leaving them more susceptible to security vulnerabilities and other potential issues. With the Tidelift Subscription, you can keep deprecated packages out of your organization's catalog by using the "Releases are actively maintained" standard.
Tidelift regularly monitors for package deprecation from the following sources:
- From the package manager - when a maintainer indicates that a package has been deprecated
- Directly from the maintainers and catalog administrators - for instances when deprecation information has not been shared publicly
We will notify you when your team is using or wants to use deprecated packages and help you uphold this standard. We will also display any additional information that a maintainer has provided about the deprecation, which may include recommendations for alternate packages.
How do I keep my team from using deprecated packages?
To begin creating violations for deprecated packages, go to the Catalog > Standards page and turn on the "Releases are actively maintained" standard.
What happens if a package release in my catalog becomes deprecated?
Tidelift is regularly monitoring all packages and will notify you if a package release that you are currently using becomes deprecated. A task will be generated for the catalog administrators to notify them about already-approved releases that violate this standard. For each package, the catalog administrators can resolve the violation by doing one of the following:
- Creating an exception for the deprecated package
- Denying all releases of the package
What happens when a newly requested package release is deprecated?
If a developer requests a package that Tidelift knows to be deprecated, the catalog administrators reviewing the request will see that there is a standard violation. The catalog administrators can do any of the following:
- Create an exception for the package and approve the release
- Deny the release
Creating exceptions for deprecated packages
When a package becomes deprecated or a developer requests a deprecated package, you may still want to create an exception for this package release to be approved in your catalog.
Exceptions can be created when completing a task and they can apply to an entire package. You can view and export all deprecated package exceptions:
- Navigate to the Standards page
- Find "Releases are actively maintained"
- Select the linked text "create an exception"
- On this page you can view, edit, and add exceptions