Culture / Technology

Compensating Open Source Maintainers, Tidelift’s on a Roll

1 May 2019 7:47am, by

Tidelift, the Boston-based startup focused on “making open source software better for everyone,” has expanded rapidly and has added new capabilities for application development teams.

Using a subscription model with clients, it uses the fees paid in to compensate maintainers of open source projects that don’t have a sponsor company behind them.

Tidelift announced:

  • The subscription database monitors 3 million open source projects.
  • It provides assurances for more than 1,000 of the most popular community-led open source projects, and maintainers can earn income from more than 4,000 projects across the JavaScript, Python, PHP, Ruby, Java, and .NET ecosystems.
  • Subscription now includes open source dependency analysis with identification and resolution of security, licensing, and maintenance issues in direct partnership with open source maintainers.

“We’re partnering with creators and maintainers of a vast array of community-led open source projects to introduce the concept of managed open source, where organizations can save time and reduce risk by paying Tidelift’s participating maintainers to ensure their packages meet uniform and comprehensive commercial standards,” Fischer said.

While companies often no longer maintain servers or databases in-house, “in most cases application development teams are still incurring all the pain and energy of maintaining their open source components themselves,” said Donald Fischer, Tidelift co-founder and CEO.

“We’re trying to let them get that off their plate as well. It lets your developers work on your application, not the pieces going into it, but still have confidence that those pieces are secure, the licensing is locked down, they’re being actively maintained and they’re going to keep working.”

The New Stack analyst Lawrence Hecht reported previously that poor documentation and a negative track record for security are among the top reasons companies do not use an open source technology. And that nearly 75% of developers spend more than 10 hours a month handling open source vulnerabilities.

While it’s still too early for maintainers to quit their day jobs, Tidelift compensation is growing.

“Our largest payout for individual open source packages is in the neighborhood of $30,000 and you can maintain more than one package. … That’s really the end game with Tidelift…. We think there should be this new job category in the world — a full-time open source maintainer, where you’re not just moonlighting or it’s a side [part] of your day job. That should be people’s day job,” Fischer said.

New software tools include an overview of security vulnerabilities, licensing issues, and technical concerns across dependencies, at-a-glance metrics that help developers gauge how package updates affect their applications, and recommendations on when to upgrade key frameworks and libraries.

The company is offering as a free service an open source dependency analyzer that enables development teams to learn about the state of the dependencies within applications they’re building. By sharing the package manager files from one of the projects, Tidelift will analyze them and provide three suggestions on things to address today.

Jon Schlinkert, a maintainer of Micromatch, Enquirer, and other JavaScript libraries, says he doesn’t want to spend time on fundraising, doing bookkeeping, or stressing about how a project’s roadmap might be affected by compromises, trade-offs, and promises made to get sponsors.

“If getting funding requires a great deal of time and maintenance beyond what’s required by the project itself, I’m just trading one sustainability problem for another,” he said.

Tidelift is the first solution I’ve seen that allows me to get paid for the value I’m already creating as a developer and maintainer, without the concerns and stress of fundraising. I absolutely love their model. It’s stress-free, and it’s scalable.”

In January, the company announced $25 million in a Series B funding round, which follows a $15 million Series A seven months previously.

Tidelift is a sponsor of The New Stack.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.