Palmr. is a self-hosted file-sharing platform designed for users who prioritize privacy and control over their data. It offers a clean, modern interface for uploading, organizing files into folders, and sharing them via password-protected links—ideal for individuals and small teams avoiding third-party services like WeTransfer. Built as a beta project, it’s meant for those comfortable with self-hosting on their own server or VPS.
Technically, Palmr. uses Fastify for its high-performance Node.js backend, SQLite for zero-configuration metadata storage, and filesystem-based file storage with optional S3-compatible object storage. The frontend is built with Next.js 15, TypeScript, and Shadcn/ui, ensuring a responsive and secure user experience. Deployment is straightforward, requiring no external databases or cloud dependencies by default.
What You Get
- Self-hosted deployment - Deploy on your own server or VPS with no third-party dependencies, ensuring full control over data and infrastructure.
- Password-protected file links - Generate shareable links with optional password protection to restrict access to authorized recipients.
- Folder organization - Create and manage folders to categorize and share groups of files, improving file management for teams or personal use.
- S3-compatible object storage - Optionally integrate with S3-compatible services like MinIO or AWS S3 for scalable, enterprise-grade file storage.
- Reverse share functionality - Allow others to upload files to your account via a shared link, mimicking WeTransfer’s reverse upload flow.
- User management & profile settings - Create user accounts, manage profiles, reset passwords, and configure sharing preferences through a dedicated dashboard.
- File list and card views - Switch between list and card layouts to browse uploaded files with metadata like size, date, and share status.
- Admin dashboard - View all uploads, shares, and user activity in a centralized interface with settings for storage, security, and appearance.
Common Use Cases
- Running a secure client file portal - A freelance designer uses Palmr. to share large project files with clients via password-protected links, avoiding cloud services that track user behavior.
- Team file sharing within a small company - A startup team uses Palmr. to centrally store and share design assets, contracts, and reports without relying on Google Drive or Dropbox.
- Privacy-conscious individuals sharing sensitive documents - A journalist uses Palmr. to send confidential files to sources without leaving traces on commercial platforms.
- Self-hosted alternative to WeTransfer - A developer replaces WeTransfer with Palmr. to eliminate upload limits, ads, and data collection while maintaining a similar user experience.
Under The Hood
Architecture
- Monorepo structure cleanly separates web and server applications with dedicated directories, enabling independent deployment pipelines
- Server layer follows service-layer pattern with distinct controllers, services, and data access layers, though dependency injection is implicit rather than formalized
- Prisma ORM is tightly integrated with a centralized schema and generated client, ensuring type-safe database interactions across the backend
- Docker multi-stage builds and supervisor-based orchestration create production-ready containerized environments with isolated services for storage and application
- React components are purely presentational with well-defined prop interfaces, decoupled from backend logic via dedicated API routes
Tech Stack
- Node.js backend powered by Fastify with Zod for request validation and Prisma for type-safe data access
- Next.js 14 frontend with TypeScript, built using pnpm and deployed as a standalone server
- Multi-stage Docker builds with embedded MinIO for S3-compatible storage and mc CLI for object management
- Supervisor manages multiple processes in production containers, including the application server and storage service
- Monorepo coordinated via Makefile and custom scripts, with Husky hooks and pnpm for dependency and git workflow automation
Code Quality
- Test suite is extensive but lacks assertions, rendering many tests ineffective for behavior validation
- Error handling is inconsistent, relying on generic try-catch blocks without custom error classes or contextual logging
- Naming conventions are inconsistent across the codebase, mixing camelCase and snake_case without clear guidelines
- TypeScript usage is incomplete, with many interfaces and functions lacking proper type annotations or resorting to any
- Minimal linting or formatting discipline results in inconsistent code style and potential anti-patterns
What Makes It Unique
- Native API proxy in Next.js preserves session state by forwarding authentication headers, eliminating the need for client-side token management
- Server-side dynamic key generation via OpenSSL removes dependency on external secret management systems
- Embedded media sharing system generates direct-access URLs with copy-to-clipboard and i18n support for seamless content distribution
- Unified authentication proxy endpoints abstract complex flows like 2FA and user activation behind a consistent API surface
- Client-side embed URL generation uses window.location.origin to ensure environment portability without hardcoded domains