DEV.co
Open-Source Ecommerce · vendurehq

vendure

Vendure is an open-source headless commerce platform built with TypeScript, NestJS, and GraphQL. It provides a self-hosted, extensible backend for D2C, B2B, marketplace, and omnichannel commerce without vendor lock-in.

Source: GitHub — github.com/vendurehq/vendure
8.2k
GitHub stars
1.4k
Forks
TypeScript
Primary language
Other
License (Requires review (not clearly OSI))

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryvendurehq/vendure
Ownervendurehq
Primary languageTypeScript
LicenseOther — Requires review (not clearly OSI)
Stars8.2k
Forks1.4k
Open issues246
Latest releasev3.7.0 (2026-07-01)
Last updated2026-07-07
Sourcehttps://github.com/vendurehq/vendure

What vendure is

Node.js/NestJS backend with GraphQL API, React/TanStack admin dashboard, and plugin-first architecture. Supports PostgreSQL, MySQL, MariaDB, and SQLite; deployable on self-hosted, Docker, Kubernetes, or cloud infrastructure. Strong end-to-end TypeScript typing.

Quickstart

Get the vendure source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/vendurehq/vendure.gitcd vendure# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Custom Commerce Workflows

Extend or override core pricing, promotions, tax, and shipping logic via stable plugin contracts without forking. Ideal for teams needing domain-specific commerce rules (B2B pricing tiers, marketplace splits, omnichannel inventory).

Multi-Channel / Omnichannel Deployments

Single backend GraphQL API serves D2C storefronts, B2B portals, and marketplace frontends simultaneously. Avoids stitching together multiple commerce platforms.

TypeScript-First Development Teams

End-to-end TypeScript stack with introspectable GraphQL schema. Strong typing reduces runtime errors; schema enables LLM tool-calling and agent framework integration.

Implementation considerations

  • Requires Node.js 20.19+ or 22.12+ and a SQL database (PostgreSQL, MySQL, MariaDB, or SQLite). Plan database schema and replication strategy for production.
  • Plugin architecture is stable; build custom entities and workflows on top without core patches. Assess internal plugin development velocity and testing maturity.
  • GraphQL API is introspectable but requires frontend framework alignment. Verify React/TanStack admin dashboard customization needs early.
  • Production readiness proven at enterprise scale, but self-hosted deployments require monitoring, backup, and incident response planning.
  • Monorepo structure for contributing; clone only to contribute to core. Use `npx @vendure/create` for new projects.

When to avoid it — and what to weigh

  • SaaS-Only Preference — Vendure is self-hosted by default. Managed PaaS (Vendure Cloud) and enterprise licensing (Vendure Platform) available separately; not all-in-one SaaS out of the box.
  • Proprietary Lock-In Expected — GPLv3 license and plugin exception allow community extensions, but source is copyleft. Teams requiring non-copyleft derivatives should review licensing FAQ or seek commercial license.
  • Low DevOps Overhead Required — Requires Node.js runtime management and SQL database. Self-hosted deployments demand DevOps capability for production setup (Docker, Kubernetes, cloud provisioning).
  • Out-of-Box Enterprise Features — Advanced features (SSO, approval workflows, B2B pricing parity) require Vendure Platform commercial subscription. Open-source core is feature-rich but not comprehensive for all enterprise use cases.

License & commercial use

Vendure is licensed under GPLv3. A plugin license exception allows custom plugins to be released under any license. Building against the GraphQL API does not make storefronts or services subject to GPLv3. Commercial licensing for Vendure Platform is available; review the licensing FAQ for derivative use cases.

GPLv3 core is free to use commercially if no modifications or forked versions are distributed. Building storefronts or services using the GraphQL API does not trigger copyleft obligations. If you modify core Vendure and distribute the result, GPLv3 requires source disclosure. Vendure Platform (SSO, approval workflows, B2B features) requires separate commercial license. Requires review if custom core modifications and redistribution are planned.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

GPLv3 code is publicly auditable. No security posture, penetration test reports, or formal vulnerability disclosure program stated in provided data. Self-hosted deployments require standard Node.js/SQL database hardening (authentication, TLS, WAF, rate-limiting, secrets management). Requires review: OWASP compliance, data encryption, and incident response SLAs for production use.

Alternatives to consider

Medusa

Open-source headless commerce on Node.js/TypeScript with modular plugin system. Similar tech stack; Medusa focuses on API-first developer experience. Compare extensibility, community size, and enterprise features.

Shopify Plus

Managed SaaS with extensive app ecosystem and enterprise support. Trade-off: vendor lock-in and higher cost vs. Vendure's self-hosted control and lower marginal cost.

WooCommerce + Headless CMS

PHP-based, mature WordPress ecosystem. Lighter overhead than Vendure but less tightly integrated. Consider if existing WordPress investment exists.

Software development agency

Build on vendure with DEV.co software developers

Vendure's plugin-first TypeScript stack and self-hosted model fit teams needing extensibility without vendor constraints. Discuss architecture, deployment strategy, and custom workflow needs with our team.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

vendure FAQ

Can I use Vendure in production?
Yes. Vendure is proven at enterprise scale and in production with high transaction volume. Use Vendure Cloud for managed PaaS or self-host with your own DevOps.
Do I need to understand GraphQL to use Vendure?
The admin dashboard abstracts GraphQL. Custom storefront development requires GraphQL knowledge. The schema is introspectable and supports LLM tool-calling frameworks.
Can I extend Vendure without modifying core?
Yes. Plugin contracts and service overrides are stable. Add custom entities, pricing, and workflows without forking. Plugin license exception lets you release plugins under any license.
What about copyleft concerns if I build on Vendure?
Building a storefront or service via the GraphQL API does not trigger GPLv3 obligations. If you modify and redistribute core Vendure, you must share source. Review the licensing FAQ for your use case or contact Vendure for commercial licensing.

Custom software development services

Adopting vendure is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source ecommerce software in production.

Ready to Build Custom Commerce?

Vendure's plugin-first TypeScript stack and self-hosted model fit teams needing extensibility without vendor constraints. Discuss architecture, deployment strategy, and custom workflow needs with our team.