papra
Papra is a minimalistic, self-hosted document management and archiving platform built with TypeScript. It provides features like full-text search, document tagging, organization management, email ingestion, and content extraction, with both web and CLI interfaces.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | papra-hq/papra |
| Owner | papra-hq |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 4.9k |
| Forks | 253 |
| Open issues | 143 |
| Latest release | @papra/[email protected] (2026-07-04) |
| Last updated | 2026-07-07 |
| Source | https://github.com/papra-hq/papra |
What papra is
TypeScript-based monorepo (SolidJS frontend, HonoJS backend, Drizzle ORM) offering document storage, search, multi-user organization support, authentication via Better Auth, job queuing via CadenceMQ, and API/SDK access. Deployed via Docker with SQLite/PostgreSQL support.
Get the papra source
Clone the repository and explore it locally.
git clone https://github.com/papra-hq/papra.gitcd papra# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- AGPL-3.0 copyleft license: any deployed modifications, SaaS offerings, or integrated systems must have compatible open-source licenses; commercial use requires explicit agreement with maintainer.
- Self-hosting requirement: no turnkey SaaS; DevOps overhead includes database setup (SQLite or PostgreSQL), reverse proxy, TLS, backup strategy, and secret management (AUTH_SECRET).
- Content extraction (OCR/AI) backend not documented; verify image-to-text extraction dependencies, performance, and whether external service calls are required.
- 143 open issues and young codebase (created Jan 2025): production stability unknown; assess test coverage, error handling, and data recovery procedures before live use.
- Email ingestion and folder watchers are async via job queue (CadenceMQ); understand queue persistence, failure handling, and operational monitoring.
When to avoid it — and what to weigh
- Requires Advanced Compliance Features — No mention of audit logging, retention policies, legal hold, or regulatory compliance (HIPAA, GDPR enforcement, eDiscovery). Verify if applicable before production use.
- Need Commercial SaaS with SLA — AGPL-3.0 license requires self-hosting or commercial licensing agreement. No managed SaaS offering is currently available (commented out in README).
- Enterprise Scale Required — Project is ~18 months old with 4,944 stars. No performance benchmarks, scalability guidance, or enterprise deployment patterns documented. Assess readiness for your scale.
- Proprietary Extension Model — AGPL-3.0 means any modifications or extensions must remain open-source; incompatible with closed-source plugin ecosystems or proprietary integrations.
License & commercial use
Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring that any software linking to, extending, or offering Papra as a service must also be open-source under a compatible license (typically AGPL-3.0). Modifications deployed must be disclosed to users. No proprietary forks or commercial distributions are permitted without explicit written agreement.
AGPL-3.0 is not a standard commercial-friendly open-source license. Self-hosting for internal business use is likely permissible, but offering Papra as a managed service, bundling it into closed-source products, or relicensing requires direct negotiation with papra-hq/corentinth. Requires explicit review before deployment in revenue-generating or proprietary contexts.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Self-hosting shifts responsibility to operator. Review required: (1) AUTH_SECRET generation and rotation; (2) database credentials and access control; (3) TLS/reverse proxy configuration; (4) no audit logging mentioned—verify if sensitive operations are logged; (5) email ingestion endpoint authentication—ensure forged email address ingestion is prevented; (6) document sharing with passwords and expiration—assess key derivation and storage practices; (7) no formal security audit or vulnerability disclosure policy documented. Contact maintainer or review source for threat model.
Alternatives to consider
Paperless-ngx
Open-source (GPL-3.0), mature, full-featured document management with OCR, recognized for privacy-first self-hosting. Larger community and longer track record but more complex setup.
Mayan EDMS
Open-source (Apache 2.0), enterprise-grade DMS with workflow automation, ACLs, audit trails. More overhead but suitable for regulated environments.
Standard Notes or Joplin (Note + File Storage)
Simpler, more permissive licenses (AGPL/GPL), focus on encrypted personal notes and file sync. Less suited to organizational document management but lower ops burden.
Build on papra with DEV.co software developers
Assess license compatibility with your use case, plan your database and DevOps infrastructure, and review the self-hosting documentation before going live. Contact us if you need help navigating AGPL-3.0 terms or deployment complexity.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
papra FAQ
Can I use Papra commercially without open-sourcing my modifications?
What database do I need to run Papra in production?
Is there managed hosting available?
How mature is the project for production use?
Work with a software development agency
DEV.co helps companies turn open-source tools like papra into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.
Ready to Deploy Papra?
Assess license compatibility with your use case, plan your database and DevOps infrastructure, and review the self-hosting documentation before going live. Contact us if you need help navigating AGPL-3.0 terms or deployment complexity.