Lynx

Your personal links hub

Lynx is an open-source, self-hosted link manager that helps you gather all your digital touchpoints in a single page, with secure authentication and a fully customizable design.

---

📑 Table of Contents

1. Lynx
   • 🎥 Video
   • 🧪 Demo
   • ✨ Features
   • 🔒 Security Features
   • 🛠 Tech Stack
2. 🚀 Quick Start
   • 1. Clone, Install & Run
   • 2. 🚀 Deploy with Docker
   • 3. 🚀 Deploy on Railway
   • 4. 🚀 Other alternatives to deploy it
3. 📝 Changelog
4. 📌 To-Do / Next Steps
5. 👨‍💻 Developed With
6. 📜 License

---

🎥 Video

Lynx Demo

🧪 Demo

• 🌐 [Try Lynx Demo on CloudRun] https://lynx-demo.paoloronco.it]
• Admin Panel: [https://lynx-demo.paoloronco.it/admin]
• Login:
  • User: admin
  • Password: ChangeMe123! (the password can't be changed)

⚠️ The database resets automatically every 15 minutes.

---

✨ Features

• 🎨 Full Customization → personalize colors, themes, fonts, text alignment, and layouts.
• 📇 Flexible Link Management → create classic links, bulleted lists, or text cards (full-card clickable).
• 🖼 Rich Media Support → add icons, emojis, or images to your links.
• 🛠 Admin Dashboard → manage profile, links, and themes in a clean UI.
• 📦 Import/Export → backup and restore links & themes in JSON with one click.
• 🌍 Deploy Anywhere → easy setup on Railway, Render, Docker, GCP, DigitalOcean, Fly.io, and more.
• 📱 Mobile-First → responsive design that looks great on any device.
• 🗄 Standalone by Design → lightweight, no Firebase/Supabase required.
• ⚡ Fast & Modern → built with Vite, React, and Tailwind CSS.
• 🔒 Built-in HTTPS support → enable automatic SSL (self-signed) by setting ENABLE_HTTPS=true, runs alongside HTTP on port 8443.

🔒 Security Features

• 🔑 Password Security → bcryptjs hashing (12 salt rounds).
• 🛡 Token-Based Auth → JWT with signed tokens (7-day expiry).
• 💾 Database Protection → parameterized queries for SQLite, preventing SQL injection.
• 🍪 Safe Sessions → HttpOnly + SameSite cookies to mitigate XSS/CSRF risks.
• 🔍 Code Transparency → fully open-source for audits and improvements.

---

🛠 Tech Stack

<p align="center"> <img src="https://img.shields.io/badge/Node.js-339933?style=for-the-badge&logo=nodedotjs&logoColor=white" /> <img src="https://img.shields.io/badge/Express.js-000000?style=for-the-badge&logo=express&logoColor=white" /> <img src="https://img.shields.io/badge/SQLite-07405E?style=for-the-badge&logo=sqlite&logoColor=white" /> <img src="https://img.shields.io/badge/React-20232A?style=for-the-badge&logo=react&logoColor=61DAFB" /> <img src="https://img.shields.io/badge/Vite-646CFF?style=for-the-badge&logo=vite&logoColor=white" /> <img src="https://img.shields.io/badge/Tailwind_CSS-38B2AC?style=for-the-badge&logo=tailwindcss&logoColor=white" /> </p>

---

🚀 Quick Start

Credentials: User: admin Password: ChangeMe123!

<details> <summary><h3>1. Clone, Install & Run(click to expand)</h3></summary>

(prerequisite: Node.js 18+)

  git clone https://github.com/paoloronco/Lynx.git
  cd Lynx
  npm install
  npm run build
  cd server
  npm install
  cd ..
  npm run start

Public → http://localhost:3001

Admin → http://localhost:3001/admin HTTPS (optional) → https://localhost:8443 (requires ENABLE_HTTPS=true)

</details> <details> <summary><h3>2. 🚀 Deploy with Docker</h3></summary>

You can run Lynx directly using the pre-built image from Docker Hub.

1. Pull the image

   docker pull paueron/lynx:latest
   

2. Start the container

   docker run -d --name lynx \
     -p 8080:8080 \
     -p 8443:8443 \
     -e NODE_ENV=production \
     -e PORT=8080 \
     -e JWT_SECRET="your-very-secret-key" \
     -e ENABLE_HTTPS=true \
     -v lynx_data:/app/server \
     paueron/lynx:latest
   

   ⚠️ Since version v3.5.0, the container requires a JWT_SECRET to start. If it’s missing, startup will fail with an error message to prevent insecure sessions.

   Once started, the app will be available at:

   🌐 HTTP → http://localhost:8080 🔒 HTTPS → https://localhost:8443 (self-signed certificate)

   👉 http://localhost:8080/admin

3. Optional environment variables

   • JWT_SECRET – secret key used to sign JWT tokens. If not set, a random key will be generated at runtime (⚠️ highly recommended to set this in production).

   • PORT – the internal server port (default: 8080).

   • NODE_ENV – Node.js environment (default: production).

</details> <details> <summary><h3>2. 🚀 Deploy on Railway</h3></summary>

You can deploy Lynx on Railway in a few steps:

1. Go to Railway Dashboard → New → GitHub Repo
2. Connect GitHub repo (Lynx)
3. Set the following commands:
   • Build Command

     npm install && npm run build && cd server && npm install
     

   • Start Command

     npm run start
     

4. Add environment variables:

   NODE_ENV=production
   PORT=8080
   JWT_SECRET=your-very-secret-key
   ENABLE_HTTPS=true
   

5. Click Create and wait for the deployment ✨
6. Add a public domain in the settings

</details> <details> <summary><h3>4. 🚀 Other alternatives to deploy it:</h3></summary>

• Render
• DigitalOcean App Platform
• Fly.io (Docker)
• Heroku (Container)
• Google Cloud Run (Container)
• Vercel (Node.js / Static)
• Netlify (Static + Functions)
• AWS Elastic Beanstalk
• Azure App Service
• Koyeb (Serverless Containers)
• CapRover (Self-hosted PaaS)
• Dokku (Self-hosted PaaS)
• Coolify (Self-hosted PaaS)
• Northflank
• Qovery
• Cyclic.sh
• Glitch
• Replit
• Stormkit
• Appwrite (Functions/Containers)
• Supabase (Edge Functions)

</details>

---

📝 Changelog

v3.5.1

🔒 Security Updates

• All security vulnerabilities resolved
  • Fixed all runtime vulnerabilities (multer, express, react-router-dom)
  • Fixed all build-time vulnerabilities (tar, minimatch, glob, cross-spawn)
  • Updated system packages in Docker images
  • Security audit: 0 vulnerabilities detected in frontend & backend
  • Resolves GitHub Dependabot alerts #18-36 and all DockerHub CVEs

🚀 Performance

• Docker build optimization
  • Build time reduced from 18+ minutes to ~2 seconds
  • Removed --build-from-source flag for faster npm installations
  • Uses precompiled binaries for better reliability

🔧 Improvements

• Added .claude/ to .gitignore and .dockerignore
• Set PORT=8080 environment variable in Docker for consistency
• Updated SECURITY.md with comprehensive security information

v3.5.0

🔧 Admin

• Updated title to: “Lynx – Your personal links hub”
• Profile
  • Bio now supports line breaks (whitespace-pre-line)
  • Empty bio is automatically hidden (no blank space left)
  • Social links are hidden when empty
  • Profile picture now displays correctly
• Links
  • Consistent text color applied across title, description, and URL
  • Improved Text Card rendering: Link name on the first line, URL on the second line (with horizontal scroll for long URLs)
  • Added support for image/emoji next to links
  • Added ability to insert either:
    • Text Card → full card with only text, entire card clickable via a single link
    • Bulleted List → list with a title and multiple links underneath
  • Option to export/import links as JSON
  • Bug fixes in rendering icons, removing cards, and updating links
  • Fixed bugs with icons, card removal, and link updates
  • Extended customization: choose font, size, and alignment for links
• Theme
  • Removed duplicate “Content” tab (was redundant with name + bio)
  • Partially removed Typography tab → now integrated into Links and Profile sections for better UX
  • Export/Import now properly saves and restores themes
• UI
  • Updated footer to: Powered by Lynx | Lynx - Your personal links hub
  • Possibility to change the title and meta description
• Docker / Deployment
  • Added startup check for JWT_SECRET: the container will now fail to start if the environment variable JWT_SECRET is missing. This ensures proper JWT token signing and prevents session invalidation on restart. Example usage:

    docker run -d -p 8080:8080 -e JWT_SECRET="your-strong-random-secret" paueron/lynx:latest
    

  • Built-in HTTPS support → enable automatic SSL (self-signed) by setting ENABLE_HTTPS=true, runs alongside HTTP on port 8443.

---

📌 To-Do / Next Ste