Trilium
Trilium is a free, open-source personal knowledge base application built with TypeScript/Electron for desktop and web. It supports hierarchical note organization, rich editing, full-text search, encryption, synchronization, and scripting with a REST API.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | TriliumNext/Trilium |
| Owner | TriliumNext |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 36.8k |
| Forks | 2.5k |
| Open issues | 661 |
| Latest release | v0.103.0 (2026-05-13) |
| Last updated | 2026-07-08 |
| Source | https://github.com/TriliumNext/Trilium |
What Trilium is
TypeScript/Node.js application (Electron for desktop, web server for self-hosted) with local SQLite or server-backed database, WYSIWYG editor, per-note encryption, versioning, attributes system, and extensibility via REST API and scripting. AGPL-3.0 licensed.
Get the Trilium source
Clone the repository and explore it locally.
git clone https://github.com/TriliumNext/Trilium.gitcd Trilium# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- AGPL-3.0 copyleft obligations: any networked deployment requires source disclosure to users. Internal use may differ from external SaaS; legal review recommended before commercial use.
- Sync server is community-provided; no official SaaS. Third-party hosted sync services exist but responsibility for data security/availability shifts to external provider.
- Database schema and API stable but project is at v0.103 (pre-1.0). Backward compatibility provided for migrations from zadam/trilium up to v0.90.4, but later versions increment sync protocol.
- Performance scales to 100k+ notes; no published benchmarks for concurrent users or database sizes. Test with production-scale data before committing.
- Scripting and customization require JavaScript knowledge. REST API well-documented but third-party integrations limited (no official Zapier, n8n, etc.).
When to avoid it — and what to weigh
- Closed-source or proprietary SaaS requirement — AGPL-3.0 license mandates source availability for network deployments. Commercial use requires legal review or proprietary licensing arrangement.
- Zero deployment/maintenance overhead desired — Self-hosted sync server requires infrastructure management. Desktop edition requires distribution and updates per client.
- Real-time multi-user collaborative editing — Architecture focuses on personal/async workflows. No native CRDT or operational transformation for simultaneous editing.
- Enterprise compliance/audit requirements — No documented compliance certifications (SOC2, HIPAA, etc.) and security posture not independently verified.
License & commercial use
GNU Affero General Public License v3.0 (AGPL-3.0). Copyleft license requiring source disclosure for any networked use. Commercial use and proprietary deployment require legal review or separate licensing.
AGPL-3.0 is a strong copyleft license. Internal private use may be permitted; networked or SaaS deployments require source code availability to users. No commercial dual-licensing or proprietary exemption stated. Organizations considering commercial use must consult legal counsel or contact maintainers about licensing options.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Per-note encryption supported with granular control. No third-party security audit or penetration test results disclosed. AGPL-3.0 permits source review but cryptographic implementation verification requires expert review. OpenID and TOTP for server authentication. No documented vulnerability disclosure policy or security incident history available. Self-hosted deployments depend on operator SSL/TLS, database access control, and regular updates.
Alternatives to consider
Obsidian
Proprietary desktop-first knowledge base with vault-based storage, plugins, and commercial sync. Stronger ecosystem; lacks server mode and FOSS licensing.
Logseq
FOSS (AGPL-3.0) outliner with local-first storage and plugins. Smaller feature set than Trilium; better for outline-centric workflows.
Notion / Microsoft OneNote
Proprietary SaaS (Notion) or enterprise software (OneNote) with real-time collab and broad integrations. Zero self-hosting burden; vendor lock-in and subscription costs.
Build on Trilium with DEV.co software developers
Review the AGPL-3.0 license terms with your legal team, test desktop and server deployments, and validate sync/scripting fit for your workflow before committing to production.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
Trilium FAQ
Can we use Trilium commercially?
Is there official cloud hosting?
How does synchronization work?
What if we need real-time collaborative editing?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If Trilium is part of your open-source devops roadmap, our team can implement, customize, migrate, and maintain it.
Ready to evaluate Trilium for your knowledge management?
Review the AGPL-3.0 license terms with your legal team, test desktop and server deployments, and validate sync/scripting fit for your workflow before committing to production.