DEV.co
Open-Source DevOps · ToolJet

ToolJet

ToolJet is an open-source low-code platform for building internal tools, dashboards, and workflows with drag-and-drop components and 80+ data source connectors. The Community Edition provides visual app building and self-hosting flexibility, while the enterprise ToolJet AI adds AI-powered code generation and advanced access controls.

Source: GitHub — github.com/ToolJet/ToolJet
38.2k
GitHub stars
5.2k
Forks
JavaScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryToolJet/ToolJet
OwnerToolJet
Primary languageJavaScript
LicenseAGPL-3.0 — OSI-approved
Stars38.2k
Forks5.2k
Open issues1k
Latest releasev3.20.192-lts (2026-07-07)
Last updated2026-07-08
Sourcehttps://github.com/ToolJet/ToolJet

What ToolJet is

Built on JavaScript/TypeScript with React, ToolJet offers a visual builder with 60+ responsive components, multi-page apps, real-time collaboration, and JavaScript/Python execution. It supports Docker, Kubernetes, and major cloud deployments; data flows through a proxy-only architecture with AES-256-GCM encryption.

Quickstart

Get the ToolJet source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/ToolJet/ToolJet.gitcd ToolJet# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Internal Tool & Dashboard Rapid Development

Teams needing to quickly build admin panels, inventory dashboards, and reporting tools without custom backend work. The 80+ pre-built connectors and drag-and-drop UI significantly reduce time-to-first-app.

Self-Hosted Line-of-Business Applications

Organizations requiring data sovereignty and on-premises deployment. Flexible support for Docker, Kubernetes, and cloud VPCs, plus built-in ToolJet Database eliminates external dependencies for simple use cases.

Cross-Functional Workflow Automation

Business teams automating multi-step processes (approvals, onboarding, inventory management) with embedded code logic and SaaS integrations. Collaboration features (inline comments, mentions) support iterative refinement across departments.

Implementation considerations

  • AGPL-3.0 license mandates source code disclosure for any modifications deployed in production; internal tooling teams must review derivative licensing implications before modifying core platform code.
  • Proxy-only data flow architecture requires careful network policy configuration; ensure reverse-proxy or dedicated network layer is deployed to prevent direct database exposure.
  • ToolJet Database is built-in but simplistic; large-scale data workloads should use PostgreSQL, MongoDB, or other external connectors rather than relying on the integrated database.
  • Real-time collaboration (multiplayer editing) requires WebSocket stability; unreliable networks may cause sync issues; test thoroughly in your deployment environment.
  • JavaScript/Python code execution within apps introduces code injection vectors; implement strict access control, input validation, and code review workflows for user-created queries.

When to avoid it — and what to weigh

  • Strict Commercial Use Without Enterprise License Review — AGPL-3.0 requires source disclosure and derivative licensing; commercial deployments of modified code need written approval or enterprise licensing. Requires legal review before production proprietary use.
  • Complex High-Performance Analytics or Real-Time Streaming — ToolJet targets app builders, not analytics engines. If your primary need is sub-second latency data aggregation or complex ETL, dedicated analytics platforms (Looker, Tableau, Superset) are better fits.
  • Highly Customized Enterprise UI/UX Branding Out of the Box — White-labeling and extensive customization are enterprise-only features. Community Edition has limited theming and branding controls; custom UI frameworks may require forking.
  • Mission-Critical Systems Without Vendor Support — Community Edition lacks SLA, priority bug fixes, and dedicated support. Production systems handling regulated workloads should evaluate enterprise ToolJet AI or establish internal support capacity.

License & commercial use

ToolJet is licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license that requires derivative works and network-served modifications to be released under the same license and include source code availability. It is not an OSI-approved permissive license for proprietary commercial use without explicit compliance or written agreement.

AGPL-3.0 requires careful legal review for any commercial deployment. Building internal tools for your own use may fall under acceptable use, but reselling, modifying for external clients, or embedding in proprietary products requires either: (1) adherence to AGPL source disclosure and derivative licensing obligations, or (2) a written commercial license from ToolJet Solutions Inc. Do not assume commercial use is permitted without legal counsel review and potentially a paid enterprise agreement.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

ToolJet implements AES-256-GCM encryption and proxy-only data flow by design, reducing direct database exposure. SSO support enables centralized identity management. However: (1) code execution (JavaScript/Python) in apps creates code injection risk—input validation and access control are operator responsibility, (2) encrypted secrets stored server-side, but encryption key management strategy requires review, (3) Community Edition lacks audit logging and fine-grained row-level access control (enterprise feature), (4) no independent security audit details provided. Operators must implement query-level access policies and monitor code changes.

Alternatives to consider

Retool

Closed-source SaaS-first low-code platform with similar drag-and-drop UI and 100+ integrations. Offers better enterprise support and compliance (SOC 2) out of the box, but requires cloud hosting and has higher licensing costs. Suitable if vendor lock-in and managed security are acceptable.

Budibase

Open-source low-code platform with BUSL-1.1 license (source-available but restrictive). Self-hosted and containerized. Lower adoption than ToolJet (6k stars vs 38k) but simpler licensing for internal use. Consider if AGPL concerns are prohibitive.

Apache Superset

Open-source Apache 2.0 analytics and dashboarding platform. Better suited for data visualization and BI use cases; not a general internal tool builder. Choose if your primary need is analytics dashboards, not workflow automation or CRUD apps.

Software development agency

Build on ToolJet with DEV.co software developers

Start with a Docker trial (see README), review the AGPL-3.0 licensing implications with your legal team, and test integrations against your data sources. For production deployments, consider enterprise ToolJet AI or establish a strong internal support plan. Contact Devco for guidance on licensing compliance and deployment architecture.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ToolJet FAQ

Can we modify ToolJet and deploy it internally without open-sourcing changes?
Only if you have a written commercial license from ToolJet Solutions Inc. AGPL-3.0 requires source disclosure and derivative licensing for any modified version deployed or networked. Internal use (no external users) may have narrower obligations, but legal review is mandatory before relying on this assumption in production.
What is the difference between ToolJet Community Edition and ToolJet AI?
Community Edition (CE, AGPL-3.0) includes the visual builder, 60+ components, 80+ connectors, self-hosting, and collaboration. ToolJet AI (enterprise) adds AI app generation from prompts, AI query builder, AI debugging, agent builder, role-based access control, audit logs, white-labeling, GitSync, and premium support. AI features are not available in CE.
Is ToolJet suitable for production deployments?
Yes, with caveats. LTS releases (v3.20.192-lts) are recommended for stability. Community Edition lacks audit logs and SLA support; organizations should establish internal support processes or upgrade to ToolJet AI for mission-critical systems. Careful network security, secrets management, and access control are operator responsibility.
How do we handle secrets and API keys in ToolJet?
ToolJet stores encrypted secrets (AES-256-GCM) server-side. Use environment variables and secrets management tools (HashiCorp Vault, cloud KMS) for rotation and audit trails. Query-level access controls (enterprise) further restrict which users can view or modify credentials. Community Edition requires manual governance.

Software developers & web developers for hire

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If ToolJet is part of your open-source devops roadmap, our team can implement, customize, migrate, and maintain it.

Ready to Evaluate ToolJet for Your Organization?

Start with a Docker trial (see README), review the AGPL-3.0 licensing implications with your legal team, and test integrations against your data sources. For production deployments, consider enterprise ToolJet AI or establish a strong internal support plan. Contact Devco for guidance on licensing compliance and deployment architecture.