DEV.co
Open-Source CMS · emdash-cms

emdash

EmDash is a full-stack TypeScript CMS built on Astro and Cloudflare that positions itself as a modern WordPress alternative. It emphasizes type safety, sandboxed plugin architecture, structured content storage, and serverless deployment with support for multiple database and storage backends.

Source: GitHub — github.com/emdash-cms/emdash
11.1k
GitHub stars
1k
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryemdash-cms/emdash
Owneremdash-cms
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars11.1k
Forks1k
Open issues224
Latest release@emdash-cms/[email protected] (2026-07-07)
Last updated2026-07-08
Sourcehttps://github.com/emdash-cms/emdash

What emdash is

TypeScript-based Astro integration providing admin UI, REST API, authentication (WebAuthn/OAuth), and plugin system. Plugins execute in isolated Cloudflare Worker contexts with capability manifests. Content stored as Portable Text (JSON) rather than HTML; supports D1, SQLite, PostgreSQL for data and R2/S3 for media. Includes CLI, schema generation, and Model Context Protocol server for agent integration.

Quickstart

Get the emdash source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/emdash-cms/emdash.gitcd emdash# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Serverless-first content sites on Cloudflare

Teams already using Cloudflare Workers and D1 can deploy a complete CMS with minimal infrastructure overhead. Type-safe schema generation and Astro integration reduce friction for TypeScript-heavy teams.

WordPress migration for tech-forward teams

Organizations running WordPress who want to modernize content architecture, improve plugin security via sandboxing, and adopt structured content. Built-in WXR import and migration agents support gradual porting.

AI-augmented content workflows

Projects requiring programmatic content management, agent-assisted plugin/theme development, or direct LLM integration via built-in MCP server. CLI and agent skills enable automation-first CMS operations.

Implementation considerations

  • Plugin sandboxing requires Cloudflare paid tier; confirm budget and account upgrade feasibility before committing to the architecture.
  • Schema definition occurs in database via admin UI, not code-first. Non-developers can modify content types, but this may require oversight and governance policies.
  • Portable Text (JSON) content storage decouples presentation but requires custom serializers for email, PDF, or unusual render targets. Evaluate template/rendering pipeline needs early.
  • Dynamic Worker plugins add latency and cold-start overhead compared to in-process plugins. Benchmark real-world plugin performance before mass adoption.
  • Astro static-site generation integrates with EmDash Live Collections, but SSR/dynamic routes require careful planning to avoid unnecessary full rebuilds on content updates.

When to avoid it — and what to weigh

  • Production reliance on beta software without tolerance for breaking changes — EmDash is explicitly in beta preview. API stability, plugin ecosystem maturity, and long-term support roadmap are not yet established. Production deployments should plan for potential migrations.
  • Heavy dependency on Dynamic Workers without Cloudflare paid plan — Plugin sandboxing (a key security feature) requires Cloudflare's Dynamic Workers, available only on paid accounts ($5/mo minimum). In-process 'safe mode' plugins lack the same isolation guarantees.
  • Need for extensive plugin/theme ecosystem — Unlike WordPress's 58,000+ plugins, EmDash's plugin ecosystem is nascent. First-party plugins exist, but third-party availability and community maturity cannot be assumed. Teams cannot rely on a plug-and-play plugin marketplace.
  • Requirement for PHP-based or legacy integrations — Fully TypeScript/Node.js based. No PHP support, no direct compatibility with PHP WordPress plugins or hosting environments expecting PHP. Requires JavaScript/TypeScript rewrite of custom logic.

License & commercial use

MIT License. Permissive OSI-approved license allowing free use, modification, and distribution with no copyleft obligations or patent grants. No license restrictions on commercial use.

MIT is a permissive license. Commercial use is permitted without restriction. However, MIT provides no warranty or liability protection. Teams should review their own legal requirements for production SaaS or enterprise deployments and consider supplemental support agreements or indemnification.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Plugin sandboxing via Cloudflare Worker isolates and capability manifests is a significant security improvement over WordPress. However: (1) sandboxing is only enforced on paid Cloudflare plans; in-process mode offers no isolation. (2) Beta status means security audit history, vulnerability disclosure policy, and patching cadence are not established. (3) Portable Text and structured content reduce XSS vectors compared to HTML-embedded metadata, but custom block rendering or serialization could reintroduce risk. (4) Authentication is WebAuthn-first, which improves phishing resistance, but OAuth/magic-link fallbacks widen the attack surface. (5) No mention of CSRF, rate limiting, audit logging (beyond optional audit-log plugin), or DDoS protections beyond Cloudflare's standard offerings. Conduct threat modeling before production deployment.

Alternatives to consider

WordPress + Headless CMS (e.g., using WordPress REST API + Astro/Next.js frontend)

Retains WordPress's plugin/theme ecosystem and admin UX while decoupling frontend. No TypeScript integration or native sandboxing, but ecosystem is mature and plugin availability is unmatched.

Strapi, Sanity, or Contentful

Established headless CMS platforms with structured content, REST/GraphQL APIs, and modern developer experience. Hosted or self-hosted options; no serverless lock-in. Larger plugins/integrations ecosystems.

Ghost or Eleventy with local CMS overlay (Decap, TinaCMS)

Lightweight, Git-based, or file-backed content management. Lower operational overhead than Cloudflare/D1 but less admin UI polish and plugin extensibility than EmDash.

Software development agency

Build on emdash with DEV.co software developers

Start with npm create emdash@latest or the blog template on Cloudflare. For large migrations or custom deployments, confirm plugin ecosystem maturity and integration needs with the documentation and community. Assess beta-status risk tolerance before committing to production.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

emdash FAQ

Do I need a Cloudflare account to use EmDash?
No. EmDash runs on any Node.js server with SQLite. Cloudflare (D1, R2, Workers) is recommended and enables sandboxed plugins, but not required. However, plugin sandboxing—a key security feature—requires Cloudflare's paid Dynamic Workers ($5/mo minimum).
Can I use EmDash with my existing WordPress plugins?
Not directly. EmDash plugins use a TypeScript `definePlugin()` API and run in sandboxed contexts. WordPress plugins (PHP) must be ported. A WordPress import wizard handles content and media migration, but custom plugin logic requires rewriting.
What is Portable Text, and why should I care?
Portable Text is a JSON-based structured content format that decouples content from HTML presentation. This allows the same content to render as web, mobile, email, or API responses without HTML parsing. It's more flexible and machine-readable than WordPress's HTML + metadata model.
Is EmDash production-ready?
EmDash is in beta preview. The core platform is functional, but API stability, plugin ecosystem maturity, and long-term support roadmap are not finalized. Use for production only if you can tolerate breaking changes and have a plan to migrate if the project stalls.

Software developers & web developers for hire

From first prototype to production, DEV.co delivers software development services around tools like emdash. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source cms and beyond.

Ready to evaluate EmDash for your team?

Start with npm create emdash@latest or the blog template on Cloudflare. For large migrations or custom deployments, confirm plugin ecosystem maturity and integration needs with the documentation and community. Assess beta-status risk tolerance before committing to production.