keystone
Keystone is a headless CMS framework built on Node.js, GraphQL, and React that generates a content management UI and GraphQL API from schema definitions. It targets developers who want to avoid boilerplate while maintaining flexibility in back-end architecture.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | keystonejs/keystone |
| Owner | keystonejs |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 9.9k |
| Forks | 1.3k |
| Open issues | 148 |
| Latest release | 2026-07-01 (2026-07-01) |
| Last updated | 2026-07-08 |
| Source | https://github.com/keystonejs/keystone |
What keystone is
TypeScript-based headless CMS providing schema-driven GraphQL API generation, React admin UI, and extensible hooks for custom logic. Targets Node.js Active LTS versions and integrates with various databases and deployment environments.
Get the keystone source
Clone the repository and explore it locally.
git clone https://github.com/keystonejs/keystone.gitcd keystone# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Schema design is foundational—invest time in data modeling before implementation, as schema changes can affect generated APIs and admin UI.
- Requires Node.js Active LTS or Maintenance LTS versions; older or bleeding-edge versions may not be supported or tested.
- Admin UI is React-based and customizable via hooks and extensions, but deep customization requires React and GraphQL familiarity.
- Database choice (PostgreSQL, MySQL, SQLite, etc.) must be decided upfront; some features or performance characteristics may vary by provider.
- Authentication and authorization hooks are available but not out-of-the-box enterprise RBAC; custom implementation or third-party integration required for complex permission models.
When to avoid it — and what to weigh
- Monolithic CMS with embedded front-end rendering required — Keystone is headless only. If you need server-side rendering, template engines, or a traditional CMS with built-in pages and posts, consider Strapi or traditional options.
- Minimal dependencies and small bundle size critical — Keystone requires Node.js runtime and brings substantial GraphQL and React dependencies. Unsuitable for projects prioritizing minimal footprint or edge-compute-first deployments.
- Strict version stability or long-term freezing needed — Keystone 5 is maintenance-only; v6 is active. Projects requiring absolute API stability across 5+ years may face upgrade pressures or maintenance burden.
- No GraphQL preference or strict REST-only mandates — GraphQL is the primary API model. Projects locked to REST-only architectures will not align well with Keystone's design philosophy.
License & commercial use
Licensed under MIT (MIT License), a permissive OSI-approved license. Copyrighted by Thinkmill Labs Pty Ltd as of 2024.
MIT license permits commercial use, modification, and distribution with minimal restrictions (retain copyright and license notice). No paid license tiers or enterprise agreements mentioned in repository. Deployment and support arrangement (if any) not documented; clarify support and SLAs with vendor if production use is planned.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Security policy is referenced (/SECURITY.md); vulnerability reporting process is documented. No details on authentication defaults, rate limiting, SQL injection protections, or audit logging in README. Security posture and penetration test results unknown. Conduct security review before production deployment, especially for sensitive data or public-facing APIs.
Alternatives to consider
Strapi
Similar headless CMS with GraphQL and REST APIs, larger community, more out-of-the-box plugins. Consider if REST preference or wider ecosystem integration critical.
Contentful
SaaS headless CMS with strong multi-team collaboration, content preview, and enterprise features. Choose if hosted offering and professional support preferred over self-managed open-source.
Payload CMS
TypeScript-native headless CMS with flexible field types and hooks. Comparable to Keystone v6 but different architectural choices; evaluate for specific use-case fit.
Build on keystone with DEV.co software developers
Our team can help assess fit against your data model, deployment environment, and team expertise. Let's discuss schema design, database choice, and integration approach.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
keystone FAQ
Can I use Keystone with my existing React front-end?
What databases does Keystone support?
Is Keystone suitable for enterprise production use?
How do I migrate from Keystone 5 to v6?
Work with a software development agency
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If keystone is part of your open-source cms roadmap, our team can implement, customize, migrate, and maintain it.
Ready to evaluate Keystone for your CMS needs?
Our team can help assess fit against your data model, deployment environment, and team expertise. Let's discuss schema design, database choice, and integration approach.