documenso
Documenso is an open-source, self-hosted alternative to DocuSign for digital document signing. Built on TypeScript/React with PDF signature support (PAdES standard), it lets organizations control signing workflows without vendor lock-in.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | documenso/documenso |
| Owner | documenso |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 13.7k |
| Forks | 2.9k |
| Open issues | 216 |
| Latest release | v2.14.0 (2026-06-28) |
| Last updated | 2026-07-08 |
| Source | https://github.com/documenso/documenso |
What documenso is
Full-stack TypeScript application (React Router v7, Hono server, Prisma ORM, PostgreSQL) using @libpdf/core for PDF signatures and tRPC for API communication. Supports self-hosting with Docker, email workflows via react-email, and internationalization via Lingui.
Get the documenso source
Clone the repository and explore it locally.
git clone https://github.com/documenso/documenso.gitcd documenso# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires PostgreSQL database and Node.js v22+; Docker recommended but not mandatory. Plan database backups, monitoring, and upgrades before deployment.
- PDF signature library (@libpdf/core) is the trust boundary; audit signing ceremony and key management design, especially for high-stakes workflows.
- External PR intake paused (README); fork customization is supported but diverges from upstream. Plan merge strategy and security patch monitoring.
- Email infrastructure (react-email) and Stripe payments integration baked in; configure SMTP, secrets, and payment handling before production.
- Internationalization (Lingui) included but translation completeness unknown; verify language coverage matches user base.
When to avoid it — and what to weigh
- Need Enterprise SLA / Support — Project accepts external contributions only from a small trusted group (per README note). Commercial support and SLAs require contacting for Enterprise plan; no guaranteed response times on open-source path.
- Require Advanced Compliance Out-of-Box — While PAdES-compliant, Documenso's certification status (eIDAS, ESIGN Act, UETA) and compliance reporting are not detailed in provided data. Heavily regulated sectors should verify compliance scope before adoption.
- Heavy Real-Time Collaboration Needs — No mention of simultaneous multi-user editing, document markup, or advanced collaboration features. Focus appears to be on signing workflows, not collaborative authoring.
- Minimal DevOps / Infrastructure Experience — Self-hosting requires Node.js v22+, PostgreSQL, Docker knowledge. No managed SaaS option for teams wanting zero infrastructure overhead. Gitpod / DevContainer support aids development but not production scaling.
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring derivative works and network services to disclose source and grant same freedoms. Commercial use is permitted but derivatives must be licensed AGPL-3.0.
AGPL-3.0 permits commercial use of Documenso, but any modifications or SaaS offering using the software must release source under AGPL-3.0. Selling unmodified Documenso as-is is legal; customizing it for internal/customer use requires releasing modifications. Contact the project for Enterprise plan details if you need different licensing terms.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
AGPL-3.0 allows security audits and code review, which is essential for trust infrastructure. PDF signing is cryptographic; @libpdf/core selection should be vetted (review GitHub repo for vulnerability history). Self-hosting eliminates vendor as data intermediary but shifts security responsibility to deployer. Key management, HTTPS, database encryption, and secret rotation are deployer's responsibility. No security contact or bug bounty mentioned in provided data.
Alternatives to consider
DocuSign
Hosted SaaS with strong enterprise SLAs, compliance (eIDAS/ESIGN), integrations, and support. Trade-off: vendor lock-in, higher cost, no source transparency.
Signaturit
Open API for document signing, cloud-hosted. Middle ground: more flexible than DocuSign, less hands-on than self-hosted Documenso, but still vendor-controlled.
OpenSignPDF / Apache PDFBox
Lightweight, open-source PDF signing libraries. More DIY; you build the workflow layer. Lower features, higher development burden vs. Documenso's full-stack app.
Build on documenso with DEV.co software developers
Documenso offers transparency and control for regulated document workflows. Review the GitHub repo, test locally (npm run dx), and verify AGPL-3.0 licensing terms match your use case. Contact the maintainers for Enterprise support if needed.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
documenso FAQ
Can we modify Documenso for our business?
Is Documenso compliant with eIDAS / ESIGN Act / UETA?
How do we self-host Documenso in production?
Will the project accept our bug fixes or features?
Software developers & web developers for hire
Need help beyond evaluating documenso? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Evaluate Documenso for Your Signing Workflow
Documenso offers transparency and control for regulated document workflows. Review the GitHub repo, test locally (npm run dx), and verify AGPL-3.0 licensing terms match your use case. Contact the maintainers for Enterprise support if needed.