DEV.co
Open-Source DevOps · papra-hq

papra

Papra is a minimalistic, self-hosted document management and archiving platform built with TypeScript. It provides features like full-text search, document tagging, organization management, email ingestion, and content extraction, with both web and CLI interfaces.

Source: GitHub — github.com/papra-hq/papra
4.9k
GitHub stars
253
Forks
TypeScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorypapra-hq/papra
Ownerpapra-hq
Primary languageTypeScript
LicenseAGPL-3.0 — OSI-approved
Stars4.9k
Forks253
Open issues143
Latest release@papra/[email protected] (2026-07-04)
Last updated2026-07-07
Sourcehttps://github.com/papra-hq/papra

What papra is

TypeScript-based monorepo (SolidJS frontend, HonoJS backend, Drizzle ORM) offering document storage, search, multi-user organization support, authentication via Better Auth, job queuing via CadenceMQ, and API/SDK access. Deployed via Docker with SQLite/PostgreSQL support.

Quickstart

Get the papra source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/papra-hq/papra.gitcd papra# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Personal Document Archive

Self-hosted personal document management for receipts, warranties, contracts, and family records without cloud vendor lock-in or privacy concerns.

Team/Family Document Sharing

Multi-user organization accounts allow families or small teams to collaboratively manage shared documents with role-based access and tagging rules.

Email-Driven Document Ingestion

Automatically archive documents forwarded to Papra email addresses with full-text search, custom tagging rules, and folder-based ingestion for low-friction capture workflows.

Implementation considerations

  • AGPL-3.0 copyleft license: any deployed modifications, SaaS offerings, or integrated systems must have compatible open-source licenses; commercial use requires explicit agreement with maintainer.
  • Self-hosting requirement: no turnkey SaaS; DevOps overhead includes database setup (SQLite or PostgreSQL), reverse proxy, TLS, backup strategy, and secret management (AUTH_SECRET).
  • Content extraction (OCR/AI) backend not documented; verify image-to-text extraction dependencies, performance, and whether external service calls are required.
  • 143 open issues and young codebase (created Jan 2025): production stability unknown; assess test coverage, error handling, and data recovery procedures before live use.
  • Email ingestion and folder watchers are async via job queue (CadenceMQ); understand queue persistence, failure handling, and operational monitoring.

When to avoid it — and what to weigh

  • Requires Advanced Compliance Features — No mention of audit logging, retention policies, legal hold, or regulatory compliance (HIPAA, GDPR enforcement, eDiscovery). Verify if applicable before production use.
  • Need Commercial SaaS with SLA — AGPL-3.0 license requires self-hosting or commercial licensing agreement. No managed SaaS offering is currently available (commented out in README).
  • Enterprise Scale Required — Project is ~18 months old with 4,944 stars. No performance benchmarks, scalability guidance, or enterprise deployment patterns documented. Assess readiness for your scale.
  • Proprietary Extension Model — AGPL-3.0 means any modifications or extensions must remain open-source; incompatible with closed-source plugin ecosystems or proprietary integrations.

License & commercial use

Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring that any software linking to, extending, or offering Papra as a service must also be open-source under a compatible license (typically AGPL-3.0). Modifications deployed must be disclosed to users. No proprietary forks or commercial distributions are permitted without explicit written agreement.

AGPL-3.0 is not a standard commercial-friendly open-source license. Self-hosting for internal business use is likely permissible, but offering Papra as a managed service, bundling it into closed-source products, or relicensing requires direct negotiation with papra-hq/corentinth. Requires explicit review before deployment in revenue-generating or proprietary contexts.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Self-hosting shifts responsibility to operator. Review required: (1) AUTH_SECRET generation and rotation; (2) database credentials and access control; (3) TLS/reverse proxy configuration; (4) no audit logging mentioned—verify if sensitive operations are logged; (5) email ingestion endpoint authentication—ensure forged email address ingestion is prevented; (6) document sharing with passwords and expiration—assess key derivation and storage practices; (7) no formal security audit or vulnerability disclosure policy documented. Contact maintainer or review source for threat model.

Alternatives to consider

Paperless-ngx

Open-source (GPL-3.0), mature, full-featured document management with OCR, recognized for privacy-first self-hosting. Larger community and longer track record but more complex setup.

Mayan EDMS

Open-source (Apache 2.0), enterprise-grade DMS with workflow automation, ACLs, audit trails. More overhead but suitable for regulated environments.

Standard Notes or Joplin (Note + File Storage)

Simpler, more permissive licenses (AGPL/GPL), focus on encrypted personal notes and file sync. Less suited to organizational document management but lower ops burden.

Software development agency

Build on papra with DEV.co software developers

Assess license compatibility with your use case, plan your database and DevOps infrastructure, and review the self-hosting documentation before going live. Contact us if you need help navigating AGPL-3.0 terms or deployment complexity.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

papra FAQ

Can I use Papra commercially without open-sourcing my modifications?
Not without a license agreement from the maintainer. AGPL-3.0 requires that any service or derivative must be open-source. Contact papra-hq for commercial terms.
What database do I need to run Papra in production?
Drizzle ORM (mentioned in stack) typically supports SQLite (dev), PostgreSQL, MySQL. The README shows Docker quick-start but specific production DB recommendations are not in the excerpt; check self-hosting docs.
Is there managed hosting available?
No. The dashboard.papra.app link in the README is commented out. Self-hosting is currently the only deployment model.
How mature is the project for production use?
Project is ~18 months old with active development but no formal stability guarantees, security audit, or release versioning policy documented. Assess your risk tolerance and thoroughly test before production.

Work with a software development agency

DEV.co helps companies turn open-source tools like papra into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.

Ready to Deploy Papra?

Assess license compatibility with your use case, plan your database and DevOps infrastructure, and review the self-hosting documentation before going live. Contact us if you need help navigating AGPL-3.0 terms or deployment complexity.