HeroDevs

HeroDevs keeps deprecated open-source software secure and compliant during migration.
Private Equity · $288M total · Founded 2018 · Sandy, Utah · 89 employees
HeroDevs provides drop-in replacements and long-term support (Never-Ending Support) for deprecated open-source software, allowing enterprises to stay secure, compliant, and compatible while they migrate at their own pace. The company has remediated over 1,078 vulnerabilities across end-of-life projects like AngularJS, VueJS, Protractor, Bootstrap, and Spring Framework. It serves 500+ clients, including Fortune 500 companies like Google, Microsoft, Capital One, NASA, and T-Mobile, across government, healthcare, finance, and tech sectors. HeroDevs differentiates through hands-on consulting, community investment, and a sustainability fund that returns portions of revenue to open-source maintainers.
Problem solved
Organizations using end-of-life open-source software face security vulnerabilities, compliance risks, and compatibility issues with no clear remediation path without expensive, time-consuming full migrations.
Target customer
Enterprise software companies, Fortune 500 organizations, and government agencies running legacy open-source frameworks (AngularJS, Spring, Express, VueJS) with large codebases and long migration timelines.
Founders
Aaron Frost
Founder & CEO (until January 2026)
Founded OrderGeek (2011-2013), Principal Engineer at Domo (2013-2017) and SaltStack (2017), organizer of ng-conf (Angular conference).
Aaron Mitchell
CEO (as of January 2026)
Co-founder of HeroDevs; Aaron Frost transitioned to personal sabbatical for health reasons on January 1, 2026.
Funding history
Growth Equity $125M July 24, 2025 Led by PSG Equity · Album VC
Total raised: $288M
Pricing
Custom enterprise pricing ranging from $25,000–$75,000 annually depending on coverage and components, representing a 3–9x cost savings compared to full software migrations. Contact for exact quote.
Notable customers
Google, Microsoft, Capital One, NASA, T-Mobile, and 500+ total clients across Fortune 500 and government sectors
Integrations
Mend.io (AppSec platform), Express.js team partnership, direct partnerships with open-source maintainers and community
Tech stack
jQuery (JavaScript libraries), HubSpot Chat (Live chat), Zendesk (Documentation), HTTP/3, Microsoft Clarity (Analytics), LinkedIn Insight Tag (Analytics), HubSpot Analytics (Analytics), Google Analytics (Analytics), Facebook Pixel (Analytics), reCAPTCHA (Security), HSTS (Security), Google Workspace (Email), jsDelivr (CDN), jQuery CDN (CDN), Amazon S3 (CDN), Cloudflare (CDN), Salesforce Marketing Cloud Account Engagement (Marketing automation), HubSpot (Marketing automation), Reddit Ads (Advertising), DoubleClick Floodlight (Advertising), Google Tag Manager (Tag managers), Salesforce (CRM), Amazon Web Services (PaaS), Weglot (Translation)
Competitors
Tidelift
Broader open-source dependency management platform; HeroDevs specializes deeper in end-of-life support with hands-on consulting.
Sonatype
General software supply chain security platform; HeroDevs focuses specifically on extending life for deprecated projects with direct maintainer relationships.
FOSSA
License compliance and dependency tracking tool; HeroDevs provides active security patches and support for end-of-life software.
Why this matters: HeroDevs has grown into a critical infrastructure provider for enterprises stuck with legacy open-source stacks, raising $288M total with a recent $125M growth equity round from PSG. The company's acquisition of Xeol (end-of-life detection) and partnerships with Mend.io signal a broadening mission to detect and remediate end-of-life software at scale—addressing a massive but often-hidden technical debt problem across enterprise software.
Best for: Enterprise organizations with large legacy codebases built on end-of-life open-source frameworks who need security and compliance without immediate replatforming.
Use cases
AngularJS Application Security & Compliance
A financial services company running mission-critical AngularJS applications built over 8+ years faced end-of-life vulnerabilities and regulatory compliance mandates. Rather than a 2-3 year, $5M+ rewrite, they licensed HeroDevs' Never-Ending Support for AngularJS, receiving monthly security patches and compliance updates while planning a gradual migration to Angular. Cost savings: 3-9x less than full migration, timeline flexibility for other priorities.
Spring Framework 5.3 EOL Risk Remediation
A healthcare organization discovered hundreds of Spring Framework 5.3 applications across their infrastructure facing imminent end-of-support. HeroDevs' Never-Ending Support for Spring provided immediate security updates and compliance assurance, preventing forced emergency upgrades that would have disrupted patient-facing systems while the team prioritized critical infrastructure upgrades.
Protractor Test Suite Maintenance During Migration
A government agency's QA automation relied on deprecated Protractor for thousands of end-to-end tests. Replacing the entire test suite would delay product releases by 12+ months. HeroDevs' support kept Protractor functional and secure while the team gradually migrated to modern testing frameworks over 18 months without blocking releases.
Alternatives
Tidelift
Broader dependency management and monitoring; choose Tidelift for comprehensive software supply chain visibility across all dependencies.
Snyk
Developer-first vulnerability scanning and automated remediation; choose Snyk if you want to upgrade dependencies automatically rather than extend support.
Sonatype Nexus
Repository and artifact management platform; choose Nexus if you need internal component governance rather than vendor support for deprecated projects.
FAQ
What does HeroDevs do?
HeroDevs provides Never-Ending Support (NES) for deprecated open-source software like AngularJS, Spring Framework, VueJS, and others. They deliver ongoing security patches, compliance updates, and compatibility fixes—acting as a drop-in replacement that keeps your legacy software safe while you migrate at your own pace.
How much does HeroDevs cost?
Professional LTS coverage ranges from $25,000–$75,000 annually depending on the framework and coverage scope. This typically represents 3–9x savings compared to full application rewrites or emergency migrations. Contact HeroDevs for a custom quote based on your specific framework and scale.
What are alternatives to HeroDevs?
Tidelift (broader open-source dependency management), Sonatype (software supply chain security), and FOSSA (license compliance and tracking). Each focuses on different aspects of open-source risk; HeroDevs specializes in extending the life of deprecated projects with active vendor support.
Who uses HeroDevs?
Enterprise software companies, Fortune 500 organizations, and government agencies. Notable customers include Google, Microsoft, Capital One, NASA, and T-Mobile. Over 500 total clients rely on HeroDevs across finance, healthcare, government, education, and technology sectors.
How does HeroDevs compare to Tidelift?
Both address open-source risk, but HeroDevs specializes in end-of-life software with deep expertise in specific deprecated frameworks and hands-on consulting. Tidelift offers broader dependency management and monitoring across your entire software supply chain. Choose HeroDevs for targeted support on legacy frameworks; choose Tidelift for comprehensive dependency governance.
Tags
open-source end-of-life software long-term support legacy code security compliance software migration enterprise infrastructure