Hi, Tidelift cofounder here. This is a reason we don't charge per-package. It costs the same whatever customers report. (Which is what the Wired "Netflix" analogy is about.)
The incentive to report accurately is that subscription benefits only apply to packages we know someone's using. Some of those benefits are dependency analysis results, others are services or assurances. For example, we'd only know to tell them about security vulnerabilities in a package they actually say they use.
The incentive to report accurately is that subscription benefits only apply to packages we know someone's using. Some of those benefits are dependency analysis results, others are services or assurances. For example, we'd only know to tell them about security vulnerabilities in a package they actually say they use.