Support for internal packages

Tidelift can track non-public and internally-developed packages included in your projects. These packages are referred to as internal packages. 

With internal packages you can:

  • View these in your project's bill of materials
  • Include these in a catalog; setting approve and deny decisions about each release
  • Set license information for internal packages

Given that these packages are not publicly tracked by Tidelift, we do not provide the following:

  • License research, security vulnerabilities, security vulnerability recommendations, or maintenance information
  • Automatic identification of new releases

Tidelift automatically identifies and labels all non-public packages as an internal package. If a package is internal, it will be annotated with a "This is an internal package" description at the top of the package page.