Glossary

This glossary contains definitions for the services and products that Tidelift offers, as well as the actions people can take to use these services.

Aligned • adjective

Used to describe repositories: a repository is aligned with a catalog if all its package releases are approved in the catalog.

Related terms: alignment, catalog alignment

Approve • verb

The act of saying something is okay to use (tasks, licenses, etc.)

Approved • adjective

Something that is okay to use (package release, license, etc.)

Bill of materials • noun

The list of all of the package releases in a repository

Catalog • noun

An approved list of open source package releases that are available within an organization and meet its configured standards. A catalog also includes the denied package releases and notes on why they were denied.

Deny • verb

The act of saying something is not okay (tasks, licenses, etc.)

Denied • adjective

Something that is not okay to use (package release, license, etc.)

Downstream • noun

The teams/people/packages that consume/rely on the stuff I own

Fail • verb

Not making it through one of the checks in a series of quality control checks, such as a check for alignment

Ignore • verb

The action taken when a vulnerability does not affect the organization; does not add or remove package releases from the catalog

Import • verb

The act of adding package releases to your catalog from somewhere else (e.g. a repository, a JFrog Artifactory instance, another catalog)

License template • noun

Pre-defined license standards that could be further customized

Lockfile • noun

A type of package file that lists both direct and transitive dependencies

Maintenance • noun

The work required to keep a specific package usable, such as ongoing development (e.g. new features, fixing bugs) and completing lifter tasks.

Related terms: maintaining, maintainers

Management • noun

The work required to keep catalogs usable and up to defined standards, such as completing tasks and deciding which package releases should be added or removed. This is the work that we charge for and isn't a free ride.

Related terms: managing, managers

Manifest • noun

A type of package file that lists direct dependencies

Organization • noun

An entity that has a Tidelift Subscription

Package • noun

A single open source component, releases of which can be installed from a package manager (e.g. pandas).

Related terms: component, dependency, artifact, library, payload

Package file • noun

Contains information about the package releases used in a repository, including the relationships of packages. A repository usually contains two types of package files, a manifest and a lockfile.

Package manager • noun

The ecosystem for a specific language and its respective packages (e.g. npm, maven, pypi)

Pass • verb

Making it through one check in a series of quality control checks, such as a check for alignment

Release / Package release • noun

The combination of a package and a specific release of that package (e.g. pandas 1.0.0)

Repository • noun

A home for the package files/bill of materials for a project, typically connected to the project's actual repository via API or GitHub integration

Scan • verb

Used in a CI/CD pipeline to check alignment of a repository. Scans are preserved to help you understand alignment over time.

Standards • noun

A benchmark that a manager uses to decide whether a specific package or package release should be included in a catalog. These standards can relate to approved/denied licenses, security, and/or maintenance and are determined at the catalog-level.

Status • noun

Usually used with respect to a package release: whether it is approved or denied in a catalog

Subscribe to updates • verb

The most common way for an organization to use a Tidelift-managed catalog. By subscribing to updates, managers will be prompted to update their catalog to make the same changes that were made to the Tidelift-managed catalog

Task • noun

An action that needs to be taken by a catalog manager (Tidelift, a person at a company) or a lifter to bring a catalog closer to its defined standards, usually resulting in one or more package releases being added to and/or removed from a catalog

The Tidelift Subscription • proper noun/service name

The paid service through which an engineering team can experience the benefits of managed open source.

Tidelift web app • proper noun

An application for interfacing with Tidelift from the web.

Tidelift Command Line Interface (CLI) • proper noun

An application for interfacing with Tidelift from the command line.

Tidelift-managed catalog • noun

A catalog that is created by Tidelift and managed by Tidelift and our partnered maintainers.

Upgrade • verb

The action taken to get to a newer release of a package or build; used in security tasks currently

Upstream • noun

The teams/people that own the stuff I consume/rely on

Use • verb

A generic term meant to indicate the adoption of a specific catalog. There are multiple ways that someone might use a catalog, such as aligning a repository with a catalog, subscribing to updates from another catalog or importing package releases from another catalog.
