Open Source & More - Blog | Tidelift

Featured

Digging into the data: Open source software repo supply chain attacks

I had just wrapped up some internal Tidelift research on open source software supply chain compromises a few weeks ago when I saw PyPI's announcement ...

by Tieg Zaharia
on August 2, 2022

Tieg Zaharia

The current state of package invalidation support across package managers

By Tieg Zaharia on April 1, 2021

Deprecate, retract, unpublish, abandon, yank, orphan, archive... What do all these have in common? Well, they’re different terms for what I’ll call ...

Package signing across package managers

By Tieg Zaharia on June 11, 2020

Package signing across package managers Recently I looked at the state of 2FA support across package managers. 2FA adds a layer of security by ...

The current state of two-factor authentication across package managers

By Tieg Zaharia on July 23, 2019

Recently at Tidelift we started asking our partnered maintainers (we call them “lifters”) to confirm that they have Two-Factor Authentication (2FA) ...

How one org saved $1.1M and reduced OSS risk 💸

Featured

Digging into the data: Open source software repo supply chain attacks

Tieg Zaharia

Recent Posts

The current state of package invalidation support across package managers

Package signing across package managers

The current state of two-factor authentication across package managers

Don't miss the latest from Tidelift

Filter by Topic

Address

Tidelift

Product

Resources

For Maintainers