DEV.co
Open-Source DevOps · CaramelFur

Picsur

Picsur is a self-hosted image sharing service similar to Imgur with built-in image conversion and editing. Written in TypeScript and deployable via Docker, it supports multiple image formats and user roles. The project is no longer actively maintained by the original author.

Source: GitHub — github.com/CaramelFur/Picsur
1.2k
GitHub stars
66
Forks
TypeScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryCaramelFur/Picsur
OwnerCaramelFur
Primary languageTypeScript
LicenseAGPL-3.0 — OSI-approved
Stars1.2k
Forks66
Open issues39
Latest release0.5.6 (2024-11-01)
Last updated2025-10-12
Sourcehttps://github.com/CaramelFur/Picsur

What Picsur is

Node.js/TypeScript backend with PostgreSQL, offering image upload, conversion (QOI, WEBP, HEIF, etc.), EXIF stripping, expiration, and ShareX integration. Deployed as Docker containers with CORS controls and JWT-based authentication.

Quickstart

Get the Picsur source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/CaramelFur/Picsur.gitcd Picsur# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Internal Team Image Hosting

Self-hosted alternative to public image services for teams needing control over data retention, privacy, and no external dependencies.

Screenshot & Paste Bin Replacement

Lightweight image sharing with expiration policies and user roles, suitable for development teams using ShareX or similar tools.

Privacy-Focused Content Sharing

EXIF stripping, configurable retention, and optional original file deletion make it suitable for privacy-aware users and organizations.

Implementation considerations

  • Default admin credentials via environment variable (PICSUR_ADMIN_PASSWORD); must be set securely before exposure.
  • PostgreSQL dependency required; Docker Compose example provided but requires manual configuration for production (JWT secret, file size limits).
  • HTTPS required for clipboard functionality and recommended for production security.
  • Image storage disk space grows unbounded unless expiration or 'Keep original' policies are configured.
  • EXIF stripping only applied to processed images; original files retain metadata unless 'Keep original' option is disabled.

When to avoid it — and what to weigh

  • Production Critical Infrastructure — Project is explicitly unmaintained. No guaranteed security patches, bug fixes, or feature updates. Risk assessment required for production use.
  • High-Scale or Multi-Tenant SaaS — Still in beta (v0.5.6), missing features (public gallery, albums, white mode), and no performance or scalability benchmarks documented.
  • Compliance-Heavy Environments — No documented GDPR, HIPAA, or other regulatory compliance features. Unmaintained status complicates audit trails and security certification.
  • Enterprise Support Requirements — Single-developer project with no commercial support, SLA, or roadmap. Forking required if issues arise.

License & commercial use

Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring any modifications or network-accessible deployments to release source code under the same license.

AGPL-3.0 is a copyleft license with network use triggers. Commercial use is permitted, but any modifications or network-accessible instances must disclose source and license under AGPL-3.0. Redistribution or SaaS offerings require source code release. Requires legal review before commercial deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceStale
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Default admin account requires environment variable configuration; exposure risk if misconfigured. EXIF stripping implemented but only on processed images—original files retain metadata by default. HTTPS required for clipboard and authentication security. No documented security audit, penetration testing, or vulnerability disclosure policy. Unmaintained status means no guarantee of timely security patches. CORS restrictions noted but defaults not specified.

Alternatives to consider

Imgur / ImgurAlternatives (Lightshot, Lbry.tv)

Mature, hosted services with uptime SLAs and security teams; no self-hosting operational burden.

Pixelfed / PhotoPrism

Actively maintained open-source photo sharing with stronger community support and feature richness.

Nextcloud with Image Sharing Apps

Enterprise-grade self-hosted alternative with active maintenance, LDAP/SAML auth, and broader feature set (file sync, calendar, contacts).

Software development agency

Build on Picsur with DEV.co software developers

Picsur is unmaintained and in beta. Evaluate your maintenance capacity, legal/compliance needs, and consider maintained alternatives (Pixelfed, Nextcloud) before deploying to production. Consult Devco for architecture review and security assessment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

Picsur FAQ

Is Picsur actively maintained?
No. The original author explicitly states lack of time and energy to maintain the project. Community forks or takeovers are encouraged. Use only if you can fork and maintain independently.
Can I allow user registration on my self-hosted instance?
Yes. Go to settings → roles → guest → edit and grant the 'Register' permission. The register button will appear on the login page.
Are original image files kept by default?
No. Picsur stores images in QOI format by default to save disk space. Enable 'Keep original' in settings → general if needed, but be aware original files retain EXIF data.
What are the deployment requirements?
Docker (amd64/arm64), PostgreSQL, environment variables for admin password and JWT secret. HTTPS recommended for production. Exact resource requirements not documented.

Work with a software development agency

DEV.co helps companies turn open-source tools like Picsur into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.

Considering Picsur for Production?

Picsur is unmaintained and in beta. Evaluate your maintenance capacity, legal/compliance needs, and consider maintained alternatives (Pixelfed, Nextcloud) before deploying to production. Consult Devco for architecture review and security assessment.