DEV.co
Open-Source CRM · marmelab

atomic-crm

Atomic CRM is a full-featured, open-source customer relationship management application built with React, shadcn/ui, and Supabase. It provides contact management, task tracking, deal pipelines, email capture, and customizable workflows suitable for small to mid-sized teams.

Source: GitHub — github.com/marmelab/atomic-crm
1.1k
GitHub stars
722
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorymarmelab/atomic-crm
Ownermarmelab
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars1.1k
Forks722
Open issues9
Latest releasev1.5.0 (2026-03-10)
Last updated2026-06-29
Sourcehttps://github.com/marmelab/atomic-crm

What atomic-crm is

A TypeScript-based React application backed by Supabase (PostgreSQL + Auth), featuring React Hook Form, React Query, React Router, and shadcn component library. Local development uses Docker for Supabase, with Vite as the dev server and Playwright for e2e testing.

Quickstart

Get the atomic-crm source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/marmelab/atomic-crm.gitcd atomic-crm# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Small-to-medium team CRM deployment

Organizations needing contact, task, and deal management without vendor lock-in. MIT license permits modification and self-hosting on private infrastructure.

White-label or custom CRM solution

Agencies or vendors can fork, customize components, and rebrand. Shadcn registry integration allows feature updates without full redeploy.

Internal sales tools with single-sign-on

Teams using Google, Azure, Keycloak, or Auth0 can integrate directly. Email capture and activity logs support compliance and audit trails.

Implementation considerations

  • Requires Docker and Node 22 LTS; local Supabase setup adds dependency management complexity. Pre-deployment testing via `make test` and `make test-e2e` is mandatory.
  • Supabase database schema and auth rules must be configured post-clone. No built-in migration wizard; schema design falls on implementer.
  • Email capture feature (CC workflow) requires mail server or third-party integration; Inbucket used for local testing only.
  • Customization relies on forking and modifying React components directly; shadcn registry updates may conflict with local changes.
  • Activity logging and data export functionality present but extent of audit capabilities unclear; verify against compliance requirements.

When to avoid it — and what to weigh

  • Enterprise-scale, multi-tenant SaaS operation — No multi-tenancy architecture evident; designed for single-organization self-hosting. Scaling, billing, and tenant isolation require significant custom work.
  • Regulated industries requiring formal support SLA — Community-maintained project with no commercial support contract. Healthcare, finance, or compliance-heavy verticals may need vendor guarantees.
  • Need for deep third-party CRM ecosystem integrations — Built-in integrations limited to auth providers and API hooks. Requires custom development for Salesforce, HubSpot, Pipedrive connectors.
  • Zero deployment infrastructure or DevOps overhead — Requires Docker, Node 22, Supabase, and PostgreSQL familiarity. Not a managed SaaS; you own operational burden.

License & commercial use

MIT License (MIT). Permissive OSI license permitting commercial use, modification, and redistribution with attribution. No copyleft requirements.

MIT license explicitly allows commercial use, private deployment, and proprietary modifications. However, no warranty or liability indemnification is provided. Use in production requires your own risk assessment, security audit, and support plan.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Project uses Supabase auth (supports OAuth 2.0 via third-party providers) and PostgreSQL backend. Access control via login and Supabase role-based policies. However, no security audit, penetration test, or CVE disclosure process mentioned. Self-hosted deployments require secure TLS, secrets management, and database hardening. Email capture and activity logging may surface sensitive data; review retention and access controls before production use.

Alternatives to consider

Odoo CRM

Mature, enterprise-grade open-source CRM with built-in accounting, HR, and ERP modules. Larger codebase and steeper learning curve but more integrations and commercial support options available.

Plane (Project Management / CRM hybrid)

Modern React-based alternative for teams blending project and relationship management. Simpler data model but less specialized for sales pipelines.

Salesforce (Commercial SaaS)

Industry standard with extensive ecosystem, multi-tenancy, formal support, and regulatory compliance certifications. Higher cost but eliminates deployment and infrastructure burden.

Software development agency

Build on atomic-crm with DEV.co software developers

Test the demo, review deployment requirements, and assess security/compliance fit. Contact Devco for guidance on customization, hosting, or production deployment support.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

atomic-crm FAQ

Can I run Atomic CRM in production today?
Yes, the MIT license and feature set support production deployment. However, conduct your own security audit, set up backups and monitoring, and plan for ongoing maintenance. No vendor SLA is available.
How do I integrate Atomic CRM with our existing CRM or business tools?
REST API is available for custom integrations. Email capture and auth are built-in. Other tools (Slack, Salesforce, HubSpot, etc.) require custom middleware or webhooks—not out-of-the-box.
What happens if the Marmelab team stops maintaining this project?
MIT license grants you the right to fork, maintain, and modify the codebase independently. Community forks may emerge. However, reliance on active upstream updates is a risk; plan for long-term self-maintenance.
Is Atomic CRM HIPAA, GDPR, or SOC2 compliant?
Not clearly stated. Compliance depends on your deployment, data handling, and security controls. Conduct your own compliance assessment and legal review before use in regulated industries.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like atomic-crm into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source crm stack.

Ready to evaluate Atomic CRM for your team?

Test the demo, review deployment requirements, and assess security/compliance fit. Contact Devco for guidance on customization, hosting, or production deployment support.