TL;DR: A hand‑picked set of useful open‑source projects—focused on privacy, developer ergonomics, and things you can deploy or try in <30 minutes. Each section includes a one‑liner, links, a screenshot/OpenGraph card, and a quickstart snippet.
Shipping another OSS win 🍾
Table of Contents
- 1) pompelmi — File upload security for Node.js
- 2) Coolify — Self-hosted PaaS
- 3) Documenso — Open e‑signatures
- 4) paperless-ngx — Paperless office
- 5) Vikunja — To‑do & Kanban
- 6) SearXNG — Private meta‑search
- 7) Atuin — Smart shell history
- 8) Hurl — HTTP tests in plain text
- 9) Gatus — Uptime & status page
- 10) Meilisearch — Instant search engine
1) pompelmi — File upload security for Node.js
What it is: A drop‑in scanner that protects file uploads in Node.js from malware/RFI, with ZIP traversal hardening and heuristic checks for risky formats.
Quickstart (Express):
pnpm add pompelmi express multer
# or: npm i pompelmi express multer
// server.js
import express from "express";
import multer from "multer";
import { createScanner, CommonHeuristicsScanner, zipGuard } from "pompelmi";
const app = express();
const upload = multer({ storage: multer.memoryStorage() });
const scanner = createScanner([
["zipGuard", zipGuard],
["heuristics", CommonHeuristicsScanner],
]);
app.post("/upload", upload.single("file"), async (req, res) => {
const result = await scanner.scanBuffer(req.file.buffer, { filename: req.file.originalname });
if (result.status === "malicious" || result.status === "suspicious") {
return res.status(400).json({ ok: false, reason: result.reason, tags: result.tags });
}
res.json({ ok: true });
});
app.listen(3000, () => console.log("Listening on http://localhost:3000"));
2) Coolify — Self-hosted PaaS
What it is: A Heroku/Vercel‑like platform you run on your own VPS, managing apps, DBs, jobs, SSL, and more via a clean dashboard.
Quickstart (Docker):
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
Tip: Use a small VPS with Docker preinstalled. Coolify can manage Postgres/Redis and deploy from your GitHub repos.
3) Documenso — Open e‑signatures
What it is: A modern, open-source alternative to DocuSign. Self‑hostable with teams, templates, and API.
Quickstart (Docker Compose):
version: "3"
services:
documenso:
image: ghcr.io/documenso/documenso:latest
ports:
- "3000:3000"
env_file: .env
depends_on:
- db
db:
image: postgres:15
environment:
POSTGRES_PASSWORD: documenso
POSTGRES_DB: documenso
4) paperless-ngx — Paperless office
What it is: Turn your scans and PDFs into a searchable archive with OCR, auto‑tagging, and a slick UI.
Quickstart (Docker Compose):
services:
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
ports:
- "8000:8000"
volumes:
- ./data:/usr/src/paperless/data
- ./media:/usr/src/paperless/media
- ./consume:/usr/src/paperless/consume
5) Vikunja — To‑do & Kanban
What it is: A lightweight task manager with lists, projects, Kanban view, reminders, and clients for web/desktop/mobile.
Quickstart (Docker Compose):
services:
api:
image: vikunja/api
environment:
VIKUNJA_DATABASE_HOST: db
ports:
- "3456:3456"
frontend:
image: vikunja/frontend
ports:
- "80:80"
db:
image: mariadb
environment:
MYSQL_ROOT_PASSWORD: vikunja
6) SearXNG — Private meta‑search
What it is: A privacy‑first metasearch engine that aggregates results from many sources without tracking.
Quickstart (Docker Compose):
services:
searxng:
image: searxng/searxng:latest
environment:
- BASE_URL=http://localhost:8080/
ports:
- "8080:8080"
7) Atuin — Smart shell history
What it is: Replaces your shell history with a SQLite‑backed, searchable, syncable store with great filters.
Quickstart:
curl -fsSL https://raw.githubusercontent.com/atuinsh/atuin/main/install.sh | bash
atuin import auto # import existing history
atuin sync start # optional encrypted sync
8) Hurl — HTTP tests in plain text
What it is: A fast CLI to run & test HTTP requests with assertions—using a readable format that’s easy to review.
Tiny demo:
# demo.hurl
GET https://httpbin.org/json
HTTP/1.1 200
[Asserts]
jsonpath "$..slideshow.title" == "Sample Slide Show"
hurl demo.hurl
9) Gatus — Uptime & status page
What it is: Config‑driven uptime monitoring with expressive conditions, nice graphs, and alerting integrations.
Quickstart (Docker Compose):
services:
gatus:
image: twinproduction/gatus:latest
ports:
- "8080:8080"
volumes:
- ./config:/config
Minimal config:
# ./config/config.yaml
endpoints:
- name: Homepage
url: "https://example.com"
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 1000"
10) Meilisearch — Instant search engine
What it is: A blazing‑fast, typo‑tolerant search engine with a dead‑simple REST API and great SDKs.
Quickstart:
docker run -it --rm -p 7700:7700 -e MEILI_MASTER_KEY=devkey getmeili/meilisearch:latest
Index something:
curl -H "Authorization: Bearer devkey" \
-X POST "http://localhost:7700/indexes/movies/documents" \
--data '[{"id":1,"title":"Inception"},{"id":2,"title":"Interstellar"}]'
Query:
curl -H "Authorization: Bearer devkey" \
"http://localhost:7700/indexes/movies/search" \
--data '{"q":"interst"}'
Bonus: Copy‑paste “launch checklist”
□ Use Docker Compose where possible (one dir per app)
□ Put app URL behind a reverse proxy (Caddy/Nginx/Traefik) with HTTPS
□ Configure backups (volumes + offsite snapshot)
□ Add health checks/alerts (Gatus)
□ Keep .env secrets out of git
Why these made the cut
- Time‑to‑value: you can try most of them in minutes.
- Self‑hostable & privacy‑friendly: you control your data and infra.
- Docs & community: active maintainers and clear onboarding.
Got another sleeper OSS project?
Drop a link + one‑liner in the comments. I’ll keep this list fresh ✨
Top comments (0)