emdash
EmDash is a full-stack TypeScript CMS built on Astro and Cloudflare that positions itself as a modern WordPress alternative. It emphasizes type safety, sandboxed plugin architecture, structured content storage, and serverless deployment with support for multiple database and storage backends.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | emdash-cms/emdash |
| Owner | emdash-cms |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 11.1k |
| Forks | 1k |
| Open issues | 224 |
| Latest release | @emdash-cms/[email protected] (2026-07-07) |
| Last updated | 2026-07-08 |
| Source | https://github.com/emdash-cms/emdash |
What emdash is
TypeScript-based Astro integration providing admin UI, REST API, authentication (WebAuthn/OAuth), and plugin system. Plugins execute in isolated Cloudflare Worker contexts with capability manifests. Content stored as Portable Text (JSON) rather than HTML; supports D1, SQLite, PostgreSQL for data and R2/S3 for media. Includes CLI, schema generation, and Model Context Protocol server for agent integration.
Get the emdash source
Clone the repository and explore it locally.
git clone https://github.com/emdash-cms/emdash.gitcd emdash# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Plugin sandboxing requires Cloudflare paid tier; confirm budget and account upgrade feasibility before committing to the architecture.
- Schema definition occurs in database via admin UI, not code-first. Non-developers can modify content types, but this may require oversight and governance policies.
- Portable Text (JSON) content storage decouples presentation but requires custom serializers for email, PDF, or unusual render targets. Evaluate template/rendering pipeline needs early.
- Dynamic Worker plugins add latency and cold-start overhead compared to in-process plugins. Benchmark real-world plugin performance before mass adoption.
- Astro static-site generation integrates with EmDash Live Collections, but SSR/dynamic routes require careful planning to avoid unnecessary full rebuilds on content updates.
When to avoid it — and what to weigh
- Production reliance on beta software without tolerance for breaking changes — EmDash is explicitly in beta preview. API stability, plugin ecosystem maturity, and long-term support roadmap are not yet established. Production deployments should plan for potential migrations.
- Heavy dependency on Dynamic Workers without Cloudflare paid plan — Plugin sandboxing (a key security feature) requires Cloudflare's Dynamic Workers, available only on paid accounts ($5/mo minimum). In-process 'safe mode' plugins lack the same isolation guarantees.
- Need for extensive plugin/theme ecosystem — Unlike WordPress's 58,000+ plugins, EmDash's plugin ecosystem is nascent. First-party plugins exist, but third-party availability and community maturity cannot be assumed. Teams cannot rely on a plug-and-play plugin marketplace.
- Requirement for PHP-based or legacy integrations — Fully TypeScript/Node.js based. No PHP support, no direct compatibility with PHP WordPress plugins or hosting environments expecting PHP. Requires JavaScript/TypeScript rewrite of custom logic.
License & commercial use
MIT License. Permissive OSI-approved license allowing free use, modification, and distribution with no copyleft obligations or patent grants. No license restrictions on commercial use.
MIT is a permissive license. Commercial use is permitted without restriction. However, MIT provides no warranty or liability protection. Teams should review their own legal requirements for production SaaS or enterprise deployments and consider supplemental support agreements or indemnification.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Plugin sandboxing via Cloudflare Worker isolates and capability manifests is a significant security improvement over WordPress. However: (1) sandboxing is only enforced on paid Cloudflare plans; in-process mode offers no isolation. (2) Beta status means security audit history, vulnerability disclosure policy, and patching cadence are not established. (3) Portable Text and structured content reduce XSS vectors compared to HTML-embedded metadata, but custom block rendering or serialization could reintroduce risk. (4) Authentication is WebAuthn-first, which improves phishing resistance, but OAuth/magic-link fallbacks widen the attack surface. (5) No mention of CSRF, rate limiting, audit logging (beyond optional audit-log plugin), or DDoS protections beyond Cloudflare's standard offerings. Conduct threat modeling before production deployment.
Alternatives to consider
WordPress + Headless CMS (e.g., using WordPress REST API + Astro/Next.js frontend)
Retains WordPress's plugin/theme ecosystem and admin UX while decoupling frontend. No TypeScript integration or native sandboxing, but ecosystem is mature and plugin availability is unmatched.
Strapi, Sanity, or Contentful
Established headless CMS platforms with structured content, REST/GraphQL APIs, and modern developer experience. Hosted or self-hosted options; no serverless lock-in. Larger plugins/integrations ecosystems.
Ghost or Eleventy with local CMS overlay (Decap, TinaCMS)
Lightweight, Git-based, or file-backed content management. Lower operational overhead than Cloudflare/D1 but less admin UI polish and plugin extensibility than EmDash.
Build on emdash with DEV.co software developers
Start with npm create emdash@latest or the blog template on Cloudflare. For large migrations or custom deployments, confirm plugin ecosystem maturity and integration needs with the documentation and community. Assess beta-status risk tolerance before committing to production.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
emdash FAQ
Do I need a Cloudflare account to use EmDash?
Can I use EmDash with my existing WordPress plugins?
What is Portable Text, and why should I care?
Is EmDash production-ready?
Software developers & web developers for hire
From first prototype to production, DEV.co delivers software development services around tools like emdash. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source cms and beyond.
Ready to evaluate EmDash for your team?
Start with npm create emdash@latest or the blog template on Cloudflare. For large migrations or custom deployments, confirm plugin ecosystem maturity and integration needs with the documentation and community. Assess beta-status risk tolerance before committing to production.