ConvertX
ConvertX is a self-hosted file converter application supporting over 1,000 formats via integrations with tools like FFmpeg, ImageMagick, Pandoc, and LibreOffice. Built with TypeScript and Bun, it offers multi-file batch conversion, user accounts, password protection, and deployment via Docker.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | C4illin/ConvertX |
| Owner | C4illin |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 17.1k |
| Forks | 941 |
| Open issues | 109 |
| Latest release | v0.18.0 (2026-06-21) |
| Last updated | 2026-06-22 |
| Source | https://github.com/C4illin/ConvertX |
What ConvertX is
A TypeScript/Bun-based web application using the Elysia framework, leveraging external converters (FFmpeg, ImageMagick, Pandoc, Calibre, etc.) for format transformation. Features JWT-based authentication, configurable concurrency limits, and persistent storage via Docker volumes. Deployed as a containerized service with environment-driven configuration.
Get the ConvertX source
Clone the repository and explore it locally.
git clone https://github.com/C4illin/ConvertX.gitcd ConvertX# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Install and manage system dependencies (FFmpeg, ImageMagick, LibreOffice, Pandoc, Calibre, etc.) on the host or base container image; dependency bloat increases attack surface and maintenance.
- Set JWT_SECRET to a strong value in production; default randomUUID() is non-persistent across restarts, breaking token validation. Requires secure secret management.
- Configure ACCOUNT_REGISTRATION=false and ALLOW_UNAUTHENTICATED=false in production. Default allows open registration; first user becomes admin with no further controls visible.
- Storage: files persist in mounted volume; implement cleanup via AUTO_DELETE_EVERY_N_HOURS or manual policy to prevent disk exhaustion.
- Hardware acceleration (FFmpeg HWACCEL, GPU offload) is configurable but requires host setup and may not work in all container environments.
When to avoid it — and what to weigh
- Closed-source or proprietary software requirement — Licensed under AGPL-3.0, which requires source code disclosure for derivative works and network-accessible modifications. Commercial closed-source use requires review or license change.
- Minimal operational overhead — Requires managing multiple system dependencies (FFmpeg, ImageMagick, LibreOffice, Pandoc, etc.), Docker container orchestration, volume management, and authentication infrastructure.
- High-volume, latency-sensitive conversions — Not designed as a real-time streaming conversion engine. External tool startup overhead and single-instance architecture may limit throughput for high-concurrency scenarios.
- Niche proprietary format support — Limited to converters integrated into the project; unsupported formats require forking and development. No vendor integration (e.g., Adobe, Autodesk plugins).
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). Requires that any modifications or network-accessible deployment disclose full source code and license terms to users. Commercial use is not prohibited but is heavily constrained by copyleft requirements.
AGPL-3.0 is a strong copyleft license. Commercial use is legally permitted, but any modifications or network-accessible versions must open-source your changes and release under AGPL-3.0. Using as-is within your organization is safer than customizing. Requires legal review for commercial deployments or if you plan to embed/modify the source. Consider consulting counsel before commercial adoption.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
AGPL-3.0 requires source disclosure, reducing security-through-obscurity but enabling community audits. No mention of: input validation, file-size limits, malicious payload handling, sandboxing external converters, or CVE response process. Conversion processes execute system tools (FFmpeg, ImageMagick) as the container user; arbitrary format support increases exposure to parser exploits. JWT defaults to random per-restart; token replay or session fixation risks if JWT_SECRET is weak or mismanaged. No rate limiting, DDoS protection, or audit logging documented.
Alternatives to consider
Pandoc (open-source, CLI-only)
Lightweight, document-focused converter; supports 40+ input/output formats. Requires custom API wrapper and infrastructure; no built-in UI, authentication, or batch handling.
LibreOffice Online / Collabora Online (closed/open hybrid)
Web-based document editor with conversion. Heavier footprint, more complex deployment; focused on collaboration rather than pure conversion; proprietary components in Collabora.
CloudConvert / Zamzar (commercial SaaS)
Managed, scalable conversion service; handles 1000+ formats with reliability guarantees. Trade-off: data leaves your network, subscription cost, vendor lock-in. No self-hosting option.
Build on ConvertX with DEV.co software developers
ConvertX offers a privacy-first, self-hosted alternative to cloud conversion services. However, AGPL-3.0 licensing, dependency management complexity, and limited documentation require careful evaluation. Get expert guidance on licensing, deployment, security, and integration before production rollout.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ConvertX FAQ
Can I use ConvertX commercially without open-sourcing my changes?
What happens if a conversion fails?
How do I handle large files or rate-limit conversions?
Is ConvertX suitable for my organization's GDPR/compliance requirements?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like ConvertX into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.
Ready to Self-Host Your Conversion Pipeline?
ConvertX offers a privacy-first, self-hosted alternative to cloud conversion services. However, AGPL-3.0 licensing, dependency management complexity, and limited documentation require careful evaluation. Get expert guidance on licensing, deployment, security, and integration before production rollout.