flame
Flame is a self-hosted startpage application that lets you organize apps, bookmarks, and services in a customizable dashboard. It runs in Docker, includes built-in editors for content management, and integrates with Docker and Kubernetes to auto-discover and surface deployed services.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | pawelmalak/flame |
| Owner | pawelmalak |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 6.5k |
| Forks | 345 |
| Open issues | 170 |
| Latest release | v2.4.0 (2026-04-24) |
| Last updated | 2026-06-25 |
| Source | https://github.com/pawelmalak/flame |
What flame is
TypeScript-based full-stack application (Node.js/Express backend, React/Redux frontend) using SQLite via Sequelize ORM. Deployed via Docker with multiarch support (amd64, armv7, arm64); integrates Docker API and Kubernetes Ingress for dynamic app discovery.
Get the flame source
Clone the repository and explore it locally.
git clone https://github.com/pawelmalak/flame.gitcd flame# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Docker Compose deployment recommended; volume mount for persistent data directory and optional Docker socket mount for Docker integration required.
- Password environment variable handling supports Docker Secrets; rotate default password immediately and use secure secret management in production.
- Weather widget requires external API key from weatherapi.com (free tier covers typical usage ~3K/month).
- Docker and Kubernetes integrations require specific label/annotation formats; document labeling strategy before rollout.
- Custom CSS and theme builder available; test theming and custom CSS thoroughly before deployment.
When to avoid it — and what to weigh
- Require role-based access control (RBAC) — Authentication system is present but data appears to be shared; granular per-user or per-team permissions are not documented.
- Need external identity provider integration — No mention of OAuth, SAML, or LDAP support; authentication is built-in password-only, requiring manual credential management.
- Expect high-volume API service discovery — Docker and Kubernetes integrations work via labels/annotations; large-scale dynamic environments or frequent app churn may require manual curation.
- Require enterprise SLA or commercial support — Open-source community project with no documented commercial support, SLA, or maintenance guarantees.
License & commercial use
MIT License: permissive, allows commercial use, modification, and distribution with attribution. No copyleft or proprietary restrictions.
MIT is a permissive OSI license; commercial use is permitted. However, this is a community-maintained open-source project without commercial backing, indemnification, or warranty. Evaluate risk tolerance and support needs independently.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Authentication system present and documented; password can be passed via environment or Docker Secrets. Docker socket mount for API integration introduces host-level access risk and requires network isolation. SQLite as single-instance database lacks multi-tenancy isolation. No security audit, penetration test results, or vulnerability disclosure policy documented. Evaluate threat model before deploying in sensitive environments.
Alternatives to consider
Homer
Similar self-hosted startpage with YAML configuration and Helm/Kubernetes support; offers alternative deployment model but less GUI-driven content management.
Dashy
Self-hosted dashboard with more granular user management, multiple dashboard support, and widget ecosystem; higher feature complexity than Flame.
Heimdall
Self-hosted application dashboard with application management and customization; alternative UI paradigm and community ecosystem.
Build on flame with DEV.co software developers
Flame offers a lightweight, MIT-licensed solution for organizing internal services. Evaluate integration needs and security requirements, then deploy via Docker Compose.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
flame FAQ
Can I run Flame without Docker?
Does Flame support multi-user with separate dashboards?
What is the backup/restore strategy?
Can Flame auto-discover apps running outside Docker/Kubernetes?
Custom software development services
DEV.co helps companies turn open-source tools like flame into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.
Ready to Deploy Your Internal Startpage?
Flame offers a lightweight, MIT-licensed solution for organizing internal services. Evaluate integration needs and security requirements, then deploy via Docker Compose.