Kutt is an open-source URL shortening platform designed for self-hosting, enabling users to create branded, trackable short links with full control over their data. It’s ideal for developers, marketers, and organizations seeking to replace third-party services like Bitly with a private, customizable alternative.
Built with Node.js and Express, Kutt supports SQLite, PostgreSQL, and MySQL for storage, uses Redis for caching, and offers a RESTful API. It can be deployed via Docker or directly on any server with Node.js 20+, and includes built-in support for OpenID Connect authentication, custom themes, and rate limiting for security.
What You Get
- Custom Domain Support - Host short links on your own domain (e.g., yourbrand.link) with optional HTTPS enforcement and manual SSL certificate management.
- Private Link Analytics - View real-time click statistics, referrers, locations, and devices for each shortened URL without third-party tracking.
- Admin Dashboard - Manage all users, links, and settings from a centralized interface with user roles and bulk link operations.
- OpenID Connect (OIDC) Login - Integrate with identity providers like Auth0, Keycloak, or Azure AD for secure, SSO-based user authentication.
- RESTful API - Programmatically create, edit, and retrieve short links using a documented API with authentication tokens and rate limits.
- Theme Customization - Override UI elements via custom CSS, images, and Handlebars templates in the /custom directory for full branding control.
Common Use Cases
- Running a branded marketing campaign - A digital agency uses Kutt to shorten campaign URLs with their client’s domain, track clicks, and avoid dependency on public shorteners.
- Internal tool link management - A DevOps team deploys Kutt internally to create memorable, trackable links for documentation, dashboards, and incident response resources.
- Privacy-focused content creators - A blogger self-hosts Kutt to shorten affiliate or external links without exposing user data to commercial analytics services.
- Enterprise SSO-enabled link service - A company enables OIDC authentication to let employees create and manage short links using their corporate credentials.
Under The Hood
Architecture
- Express-based routing with clear separation between API and web endpoints, encapsulating URL shortening logic in a dedicated service layer
- Knex.js provides environment-aware database abstraction with support for multiple SQL dialects, enabling flexible data access without vendor lock-in
- Dependency injection via singleton service modules (Redis, Queue, JWT) promotes loose coupling and testability
- Handlebars templating maintains strict separation between UI rendering and API logic, preserving clean layer boundaries
- CustomError class and centralized error middleware standardize error propagation and logging across the stack
- Modular directory structure organizes concerns into models, services, and middleware, though configuration remains fragmented across environment files
Tech Stack
- Node.js 22 and Express form the core backend, paired with Handlebars for server-side rendering
- Database flexibility is achieved through Knex with native support for MySQL, PostgreSQL, and SQLite via environment configuration
- Redis powers session management, rate limiting, and job queuing with Bull, while ioredis provides a robust client interface
- Docker-based deployment uses multi-environment compose files and an Alpine-based production image for lightweight, consistent environments
- Authentication combines Passport.js with JWT, Local, and API Key strategies, reinforced by security middleware like Helmet and rate limiting
- Type safety is partially supported via TypeScript definitions, with npm ci ensuring reproducible builds and Knex migrations managing schema evolution
Code Quality
- Test coverage is superficial, lacking meaningful assertions and focusing more on structural existence than functional validation
- Error handling is inconsistent, relying on generic try-catch blocks rather than robust custom error classes, leading to opaque failure modes
- Naming conventions vary across files, with inconsistent use of camelCase and snake_case in models and routes
- Absence of TypeScript or runtime type validation increases susceptibility to data-related runtime errors
- Linting and formatting rules are either missing or unenforced, resulting in inconsistent indentation, missing semicolons, and unstructured code patterns
What Makes It Unique
- Native Redis integration enables real-time link analytics and cache invalidation without external dependencies
- Custom URL shortening algorithm incorporates collision avoidance and customizable vanity patterns, moving beyond standard base62 encoding
- Server-side Handlebars email templates dynamically inject SVG icons, ensuring visual consistency between web and email interfaces
- Lightweight role-based API access control uses JWT claims and endpoint tagging, avoiding heavy authentication frameworks
- Auto-generated OpenAPI 3.0 documentation from route definitions creates a self-documenting, live-reference API
- Admin dashboard leverages server-rendered partials and inline SVGs to minimize frontend bloat while maintaining rich interactivity