DoraCMS
DoraCMS is a modern content management system built on EggJS 3.x, Vue 3, and TypeScript with a pnpm monorepo architecture. It supports dual databases (MongoDB and MariaDB), includes user and admin frontends, and provides Docker deployment options. The project is actively maintained with recent commits in 2026.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | doramart/DoraCMS |
| Owner | doramart |
| Primary language | JavaScript |
| License | MIT — OSI-approved |
| Stars | 3.5k |
| Forks | 1k |
| Open issues | 26 |
| Latest release | 2.1.6 (2020-08-01) |
| Last updated | 2026-03-28 |
| Source | https://github.com/doramart/DoraCMS |
What DoraCMS is
Backend uses EggJS 3.x with MongoDB/Mongoose or MariaDB/Sequelize, JWT authentication, and optional Redis caching. Frontend employs Vue 3 with Composition API, Vite, Element Plus, Pinia, and @wangeditor for rich text editing. Supports i18n, file uploads to OSS/Qiniu, and plugin architecture.
Get the DoraCMS source
Clone the repository and explore it locally.
git clone https://github.com/doramart/DoraCMS.gitcd DoraCMS# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Monorepo with pnpm requires understanding of workspace dependencies; dependency management for individual sub-projects uses --filter syntax (e.g., pnpm --filter "./server" add pkg).
- Dual database support requires upfront decision (MongoDB vs. MariaDB) with documented migration guide available; Repository pattern abstracts differences but testing in target environment is essential.
- Docker Compose configuration supports optional profiles (Redis, Nginx, MariaDB); production deployment must customize docker.env, especially APP_KEYS and SESSION_SECRET (examples provided for key generation).
- Admin-center (Node.js >= 18.20.0) and server (Node.js >= 14) have different minimum versions; use nvm or environment isolation if managing multiple projects on same machine.
- Plugin architecture available (pnpm plugin:install, plugin:build); extending or maintaining custom plugins requires familiarity with EggJS plugin standards.
When to avoid it — and what to weigh
- Requiring LTS or Enterprise Support — Latest release (2.1.6) dates to August 2020; while recent pushes exist, no formal versioning or support SLA is documented. Suitable for teams comfortable with community-driven maintenance.
- Need for Zero Configuration or Headless-first Design — DoraCMS is a full-stack CMS with coupled frontend and backend. If you need a purely headless API or minimal footprint, lighter alternatives or custom API-only solutions may be more appropriate.
- Strict Security Compliance or Audit Requirements — No security audit, penetration test results, or formal security policy documentation is evident in the repository. Requires security review before use in regulated or high-sensitivity environments.
- Small or Legacy Node.js Deployments — Requires Node.js >= 14, pnpm >= 8, and admin-center mandates Node.js >= 18.20.0. Monorepo architecture and Vite tooling add complexity unsuitable for minimal or legacy stacks.
License & commercial use
MIT License. Permissive OSI-compliant license allowing commercial use, modification, and redistribution with inclusion of license and copyright notice. No patent clauses or liability limitations beyond standard MIT terms.
MIT License permits commercial use without additional licensing fees. However, no formal commercial support, SLA, or warranty is documented. Verify that you accept community-driven maintenance, and consider indemnification insurance or support contracts if deploying in mission-critical environments.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | Medium |
No formal security audit, penetration test, or vulnerability disclosure process is documented. JWT authentication and session management are implemented but not detailed. App keys and session secrets must be generated and rotated (examples provided). File upload integration with third-party services (OSS/Qiniu) requires API credential management. Requires independent security review before handling sensitive user data or compliance-regulated content.
Alternatives to consider
Strapi
Headless CMS with Node.js backend and modern admin UI; more flexible for API-first architectures but steeper learning curve and heavier resource consumption. Stronger commercial ecosystem.
Ghost
Lightweight, Node.js-based blogging platform with built-in subscription and membership features; simpler to deploy and manage, but less extensible for custom content models.
KeystoneJS
TypeScript-first headless CMS with GraphQL API and admin UI; tighter type safety and modern GraphQL-native design, but smaller community and less mature ecosystem than Strapi.
Build on DoraCMS with DEV.co software developers
DoraCMS offers a complete, type-safe platform for content management. Our team can help architect, customize, and scale your deployment. Contact us to discuss your content strategy.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
DoraCMS FAQ
Can I use DoraCMS without Docker?
Is DoraCMS suitable for small blogs or e-commerce sites?
How do I migrate between MongoDB and MariaDB?
What's the release cycle and how are breaking changes handled?
Custom software development services
From first prototype to production, DEV.co delivers software development services around tools like DoraCMS. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source cms and beyond.
Ready to Deploy a Modern CMS?
DoraCMS offers a complete, type-safe platform for content management. Our team can help architect, customize, and scale your deployment. Contact us to discuss your content strategy.