A minimal Solid server built on Node.js and the file system.
Version 7.0.0 is a clean room rewrite — porting from .mjs to .js ES modules, cutting
the dependency count from 59 to 8, and reducing the codebase from ~7,400 lines to ~1,200
while preserving full Solid protocol compliance.
Included:

- Linked Data Platform (GET, HEAD, PUT, POST, DELETE, PATCH)
- Web Access Control via .acl files
- Content negotiation (Turtle, JSON-LD, N-Triples, N3)
- PATCH support (N3 Patch and SPARQL UPDATE)
- Container listings as RDF
- CORS support
- Bearer token / WebID authentication

Not included:

- Built-in OIDC identity provider (use an external IdP)
- Account management UI / registration
- Multi-user / virtual host mode
- WebSocket live updates
- Data browser (mashlib)
- Email service / password reset
- Docker support

These can be added back as needed. The goal is a minimal, auditable core.

```bash
npm install -g solid-server
```

Requires Node.js >= 18.

```bash
# Start with defaults (port 8443, current directory)
solid start

# Specify options
solid start --port 3000 --root ./data --server-uri https://example.org

# With SSL
solid start --ssl-key key.pem --ssl-cert cert.pem

# Without authentication (development)
solid start --no-auth
```

```
solid start [options]

  -p, --port <port>     Port to listen on (default: 8443)
  --root <path>         Root directory for storage (default: cwd)
  --server-uri <uri>    Server URI (default: https://localhost:8443)
  --ssl-key <path>      Path to SSL private key
  --ssl-cert <path>     Path to SSL certificate
  --no-auth             Disable authentication and ACL
```

```js
import { createApp } from 'solid-server'

const app = createApp({
  root: './data',
  serverUri: 'https://localhost:8443',
  skipAuth: false
})

app.listen(8443)
```

The server extracts a WebID from incoming requests via:

- `Authorization: Bearer <webid>` header
- `User: <webid>` header (development mode)

In production, place a reverse proxy or middleware in front that validates OIDC/DPoP tokens and sets the appropriate header.
Resources are protected by .acl files using the
Web Access Control vocabulary.
ACL files are inherited — if a resource has no .acl, the server walks
up to the parent container, and so on up to the root.
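
The lookup described above, written out as an added example (this is not solid-server's own code; `parentOf`, `aclCandidates` and `effectiveAcl` are hypothetical names). It assumes a container's ACL is stored as `<container>/.acl` and a document's as `<document>.acl`, and it returns null when no ACL is found so that a caller can deny by default.

```javascript
// Added example; not solid-server's own code. All names here are hypothetical.
// Assumed naming: a container's ACL is "<container>/.acl" and a document's
// ACL is "<document>.acl", so both are simply the resource path + ".acl".

// Parent container of a path, or null once the storage root is reached.
function parentOf (p) {
  if (p === '/') return null
  const trimmed = p.endsWith('/') ? p.slice(0, -1) : p
  return trimmed.slice(0, trimmed.lastIndexOf('/') + 1)
}

// Candidate ACL files for a resource, nearest first. The resource's own ACL
// is matched through acl:accessTo; every inherited ACL through acl:default.
function aclCandidates (resourcePath) {
  const segments = resourcePath.split('/')
  if (!resourcePath.startsWith('/') || segments.includes('..')) {
    throw new Error('path must be absolute and free of ".." segments')
  }
  const candidates = [{ acl: resourcePath + '.acl', predicate: 'acl:accessTo' }]
  for (let c = parentOf(resourcePath); c !== null; c = parentOf(c)) {
    candidates.push({ acl: c + '.acl', predicate: 'acl:default' })
  }
  return candidates
}

// First candidate that exists wins. null means no ACL anywhere: deny.
function effectiveAcl (resourcePath, exists) {
  return aclCandidates(resourcePath).find(c => exists(c.acl)) || null
}

// Constructed sample storage: the set of .acl files present on disk.
const sampleAcls = new Set(['/.acl', '/private/.acl', '/private/notes.ttl.acl'])
const onDisk = p => sampleAcls.has(p)

for (const r of ['/private/notes.ttl', '/private/other.ttl', '/public/a/b.ttl']) {
  const hit = effectiveAcl(r, onDisk)
  console.log(r, '->', hit ? `${hit.acl} (${hit.predicate})` : 'deny')
}
```

In Web Access Control, an authorization in an inherited ACL applies to descendants only if it carries `acl:default`, so an ACL that sets `acl:accessTo` alone protects the container itself but not the resources inside it.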
Example .acl granting public read and owner full control:

```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read.

<#owner>
    a acl:Authorization;
    acl:agent <https://you.example.org/profile/card#me>;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read, acl:Write, acl:Control.
```

```bash
DEBUG="solid:*" solid start
```

Namespaces: solid:server, solid:ldp, solid:auth, solid:acl.

```bash
npm test
```

56 tests covering LDP operations, headers, content negotiation, PATCH, and ACL.