DEV.co
Open-Source DevOps · documenso

documenso

Documenso is an open-source, self-hosted alternative to DocuSign for digital document signing. Built on TypeScript/React with PDF signature support (PAdES standard), it lets organizations control signing workflows without vendor lock-in.

Source: GitHub — github.com/documenso/documenso
13.7k
GitHub stars
2.9k
Forks
TypeScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorydocumenso/documenso
Ownerdocumenso
Primary languageTypeScript
LicenseAGPL-3.0 — OSI-approved
Stars13.7k
Forks2.9k
Open issues216
Latest releasev2.14.0 (2026-06-28)
Last updated2026-07-08
Sourcehttps://github.com/documenso/documenso

What documenso is

Full-stack TypeScript application (React Router v7, Hono server, Prisma ORM, PostgreSQL) using @libpdf/core for PDF signatures and tRPC for API communication. Supports self-hosting with Docker, email workflows via react-email, and internationalization via Lingui.

Quickstart

Get the documenso source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/documenso/documenso.gitcd documenso# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Self-Hosted Document Signing for Regulated Industries

Organizations handling sensitive documents (finance, legal, healthcare) that require data residency, audit trails, and control over signing infrastructure can self-host Documenso to comply with data sovereignty requirements.

Vendor Lock-In Avoidance

Teams wanting to avoid DocuSign licensing costs or feature restrictions can fork and customize Documenso, controlling roadmap and pricing while maintaining audit-friendly PAdES-compliant signatures.

Internal Workflow Automation

Small-to-medium teams (startups, internal ops) can integrate Documenso into custom workflows via tRPC API, automating contract signing, approvals, and document management without external SaaS dependencies.

Implementation considerations

  • Requires PostgreSQL database and Node.js v22+; Docker recommended but not mandatory. Plan database backups, monitoring, and upgrades before deployment.
  • PDF signature library (@libpdf/core) is the trust boundary; audit signing ceremony and key management design, especially for high-stakes workflows.
  • External PR intake paused (README); fork customization is supported but diverges from upstream. Plan merge strategy and security patch monitoring.
  • Email infrastructure (react-email) and Stripe payments integration baked in; configure SMTP, secrets, and payment handling before production.
  • Internationalization (Lingui) included but translation completeness unknown; verify language coverage matches user base.

When to avoid it — and what to weigh

  • Need Enterprise SLA / Support — Project accepts external contributions only from a small trusted group (per README note). Commercial support and SLAs require contacting for Enterprise plan; no guaranteed response times on open-source path.
  • Require Advanced Compliance Out-of-Box — While PAdES-compliant, Documenso's certification status (eIDAS, ESIGN Act, UETA) and compliance reporting are not detailed in provided data. Heavily regulated sectors should verify compliance scope before adoption.
  • Heavy Real-Time Collaboration Needs — No mention of simultaneous multi-user editing, document markup, or advanced collaboration features. Focus appears to be on signing workflows, not collaborative authoring.
  • Minimal DevOps / Infrastructure Experience — Self-hosting requires Node.js v22+, PostgreSQL, Docker knowledge. No managed SaaS option for teams wanting zero infrastructure overhead. Gitpod / DevContainer support aids development but not production scaling.

License & commercial use

AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring derivative works and network services to disclose source and grant same freedoms. Commercial use is permitted but derivatives must be licensed AGPL-3.0.

AGPL-3.0 permits commercial use of Documenso, but any modifications or SaaS offering using the software must release source under AGPL-3.0. Selling unmodified Documenso as-is is legal; customizing it for internal/customer use requires releasing modifications. Contact the project for Enterprise plan details if you need different licensing terms.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

AGPL-3.0 allows security audits and code review, which is essential for trust infrastructure. PDF signing is cryptographic; @libpdf/core selection should be vetted (review GitHub repo for vulnerability history). Self-hosting eliminates vendor as data intermediary but shifts security responsibility to deployer. Key management, HTTPS, database encryption, and secret rotation are deployer's responsibility. No security contact or bug bounty mentioned in provided data.

Alternatives to consider

DocuSign

Hosted SaaS with strong enterprise SLAs, compliance (eIDAS/ESIGN), integrations, and support. Trade-off: vendor lock-in, higher cost, no source transparency.

Signaturit

Open API for document signing, cloud-hosted. Middle ground: more flexible than DocuSign, less hands-on than self-hosted Documenso, but still vendor-controlled.

OpenSignPDF / Apache PDFBox

Lightweight, open-source PDF signing libraries. More DIY; you build the workflow layer. Lower features, higher development burden vs. Documenso's full-stack app.

Software development agency

Build on documenso with DEV.co software developers

Documenso offers transparency and control for regulated document workflows. Review the GitHub repo, test locally (npm run dx), and verify AGPL-3.0 licensing terms match your use case. Contact the maintainers for Enterprise support if needed.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

documenso FAQ

Can we modify Documenso for our business?
Yes. AGPL-3.0 allows modification. If you distribute (SaaS or binary), you must release source and modifications under AGPL-3.0. For internal use only, AGPL is less restrictive. For commercial flexibility, contact project for Enterprise licensing.
Is Documenso compliant with eIDAS / ESIGN Act / UETA?
Not stated in provided data. Project uses PAdES standard (good indicator), but certification status and compliance claims require verification with the project or legal review for your jurisdiction.
How do we self-host Documenso in production?
Manual setup guide exists at docs.documenso.com. Docker images available on DockerHub and GitHub Container Registry. Production deployment (TLS, reverse proxy, database backups, monitoring) is deployer's responsibility; no turnkey Kubernetes/managed hosting documented here.
Will the project accept our bug fixes or features?
No, as of the README note. External PRs are paused except for a small trusted group. Contribute via detailed issues instead. If critical, fork and maintain separately, or negotiate directly with maintainers.

Software developers & web developers for hire

Need help beyond evaluating documenso? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.

Evaluate Documenso for Your Signing Workflow

Documenso offers transparency and control for regulated document workflows. Review the GitHub repo, test locally (npm run dx), and verify AGPL-3.0 licensing terms match your use case. Contact the maintainers for Enterprise support if needed.