This glossary contains definitions for the services and products that Tidelift offers, as well as the actions people can take to use these services.
Activity feed • noun
An audit log of all changes to a catalog (eg. approved packages, completed tasks).
Alignment • noun
Used to describe projects, a project is aligned with a catalog if all its package releases are approved in the catalog. Can be run one-off or as part of a CI/CD process.
Approve • verb
The act of saying something is okay to use (tasks, licenses, etc.)
Approved • adjective
Something that is okay to use (package release, license, etc.)
Bill of materials • noun
The list of all of the package releases in a repository
Catalog • noun
An approved list of open source package releases that are available within an organization and meets its configured standards. A catalog also includes the denied package releases and notes on why they were denied.
Deny • verb
The act of saying something is not okay (tasks, licenses, etc.)
Denied • adjective
Something that is not okay to use (package release, license, etc.)
Downstream • noun
The teams/people/packages that consume/rely on the stuff I own
Fail • verb
Not making it through one of the checks in a series of quality control checks, such as a check for alignment
Ignore • verb
The action taken when a vulnerability does not affect the organization; does not add or remove package releases from the catalog
Import • verb
The act of adding package releases to your catalog from somewhere else (eg. a repository, a JFrog Artifactory instance, another catalog)
License template • noun
Pre-defined license standards that could be further customized
Lockfile • noun
A type of package file that lists both direct and transitive dependencies
Maintenance • noun
The work required to keep a specific package usable, such as ongoing development (eg. new features, fixing bugs) and completing lifter tasks.
Related terms: maintaining, maintainers
Management • noun
The work required to keep catalogs usable and up to defined standards, such as completing tasks and deciding which package releases should be added or removed. This is the work that we charge for and isn't a free ride.
Related terms: managing, managers
Manifest • noun
A type of package file that lists direct dependencies
Organization • noun
An entity that has a Tidelift Subscription
Package • noun
A single open source component, releases of which can be installed from a package manager. (e.g. pandas)
Related terms: component, dependency, artifact, library, payload
Package file • noun
Contains information about the package releases used in a repository, including the relationships of packages. A repository usually contains two types of package files, a manifest and a lockfile.
Package manager • noun
The ecosystem for a specific language and its respective packages (eg. npm, maven, pypi)
Pass • verb
Making it through one check in a series of quality control checks, such as a check for alignment
Project • noun
A home for the package files/bill of materials for a project, typically connected to a project's repository via CLI, API or GitHub integration
Release / Package release • noun
The combination of a package and specific release of that package (eg. pandas 1.0.0)
Standards • noun
A benchmark that a catalog administrator uses to decide whether a specific package or package release should be included in a catalog. These standards can relate to approved/denied licenses, security, and/or maintenance and are determined at the catalog-level.
Status • noun
Usually used in respect to a package release, whether it is approved or denied in a catalog
Task • noun
An action that needs to be taken by a catalog administrator (Tidelift, a person at a company), or a lifter to bring a catalog closer to its defined standards, usually resulting in one or more package releases being added and/or removed from a catalog
The Tidelift Subscription • proper noun/service name
The paid service through which an engineering team can experience the benefits of managed open source.
Tidelift web app • proper noun
An application for interfacing with Tidelift from the web.
Tidelift Command Line Interface (CLI) • proper noun
An application for interfacing with Tidelift from the command line.
Upgrade • verb
The action taken to get to a newer release of a package or build; used in security tasks
Upstream • noun
The teams/people that own the stuff I consume/rely on
Use • verb
A generic term meant to indicate the adoption of a specific catalog. There are multiple ways that someone might use a catalog, such as aligning a repository with a catalog, subscribing to updates from another catalog or importing package releases from another catalog.