Most "best SaaS stack" posts are written by people who don't ship code. This one isn't. Since 2022, we've built MakerKit on the stack below and watched hundreds of customer SaaS products ship on top of it. That's the perspective behind every pick.
The opinionated answer (TL;DR): In 2026, the production SaaS stack we recommend is Next.js 16 + React 19 + Supabase (Postgres) + Drizzle ORM + Better Auth + Stripe + Tailwind 4 + Shadcn UI + Turborepo, deployed on Vercel.
Every choice below is defended head-to-head against the obvious alternative. Where we have a deeper comparison post, we link to it as proof we did the work.
What Is a SaaS Stack?
A SaaS stack is the set of frameworks, libraries, and managed services you use to build, deploy, and operate a software-as-a-service application. A modern SaaS stack covers the frontend (UI framework), the backend or BaaS (database, auth, file storage), the data layer (ORM or query builder), payments, deployment (hosting and edge), and the supporting services (email, analytics, error monitoring, background jobs). The right stack lets a small team ship features fast, scales without rewrites, and stays cheap until paid users justify the spend.
This guide is about the application stack: the technology you use to build the product. It's not about the SaaS tools you use to run the business (CRM, accounting, billing dashboards). Different post.
The 2026 SaaS Stack at a Glance
| Layer | Our Pick | Strong Runner-up | What We Rejected (and why) |
|---|---|---|---|
| Framework | Next.js 16 (App Router, RSC) | SvelteKit | Plain Express + React SPA (too much glue code) |
| UI Library | React 19 | Vue 3 / Svelte 5 | Angular (heavier, smaller hiring pool) |
| Language | TypeScript | TypeScript | JavaScript (non-negotiable in 2026) |
| Database | Supabase (Postgres) | PlanetScale (Postgres) + Better Auth | Convex (vendor lock-in, no SQL escape hatch) |
| ORM / Query | Drizzle ORM | Prisma 6 | Raw SQL only (type-safety regression) |
| Auth | Better Auth (advanced) or Supabase Auth (simple) | — | Clerk, Auth0, NextAuth (cost, lock-in, or DIY tax) |
| Payments (B2B) | Stripe | Paddle | Roll-your-own (webhook complexity is a tax) |
| Payments (Solo) | Polar | Paddle | Stripe direct (tax compliance overhead) |
| Styling | Tailwind CSS 4 | Tailwind 4 | CSS-in-JS (styled-components, Emotion), runtime cost |
| Components | Shadcn UI (Base UI + Tailwind) | Park UI | Material UI / Ant Design (opinionated visual language) |
| Monorepo | Turborepo | pnpm workspaces (no Turbo) | Nx (unnecessary ceremony for SaaS) |
| Hosting | Vercel | Cloudflare Workers / Railway | DIY VPS (engineering tax outweighs the savings) |
| Resend | Postmark | SendGrid (UX rotted years ago) | |
| Analytics | PostHog | Mixpanel | Google Analytics (privacy-hostile, weak for product) |
| Errors | Sentry | BetterStack | Console.log + hope |
| Background jobs | Trigger.dev or Inngest | QStash | DIY cron (works until it doesn't) |
The rest of this post is the why behind every row. If you only have time to read one section, skip to the one that matters for your decision today.
Frontend & Framework: Next.js 16
Our pick: Next.js 16 with the App Router, React Server Components, and Server Actions.
Next.js 16 won the SaaS framework race, and it isn't close. The combination of React Server Components (RSC), Server Actions, route-level caching, and a deployment story that just works on Vercel makes it the path of least resistance for any SaaS that needs SSR, ISR, edge rendering, and a real backend in the same codebase.
Two things changed our mind on Next.js between 2022 and now: Server Actions made forms-and-mutations writable without an API layer, and the App Router stabilized after a rough first 18 months. By 2026, the App Router is the path. Pages Router is in maintenance mode for new projects. See our Next.js 16 release notes for what shipped and what to enable.
Next.js vs SvelteKit vs Astro vs Nuxt
SvelteKit is the closest serious React-alternative. It produces smaller bundles and a friendlier author experience. The hiring pool is smaller, the third-party ecosystem is thinner (especially for auth and payments libraries), and AI coding tools are notably weaker at Svelte than at React. If you're a solo founder fluent in Svelte, ship in Svelte. Otherwise, the React economy compounds.
Astro is the wrong tool for an app. Astro is a content site framework that can render React islands. If your "SaaS" is mostly a marketing site with a small dashboard, Astro plus a hosted dashboard works. For anything with auth, billing, and a real backend, you'll outgrow it within months.
Nuxt 4 for Vue developers is fine. Same logic as SvelteKit: smaller ecosystem, weaker AI tooling, fewer hires. If you have a Vue team, ship Vue.
Why Next.js wins for SaaS in 2026
Three reasons:
- Server Components let you keep secrets and data on the server without an API layer. A SaaS app full of authenticated dashboards is mostly server-rendered React with islands of interactivity. RSC fits that shape exactly.
- Server Actions kill the tRPC/REST debate for most mutations. A typed function call from a form to the database, with a single auth check and a Zod validator, is fewer lines than any API client.
- The deployment story is one button. Push to GitHub, get edge-rendered Next.js with image optimization, ISR, and Vercel's CDN. Even if you self-host later (we cover this below), Vercel's reference deployment makes the framework testable from day one.
The downside: Next.js sometimes ships breaking changes faster than your team wants. Pin your version, read the upgrade guide before bumping, and don't run latest in CI.
Database & Backend: Supabase + Postgres
Our pick: Supabase (Postgres, Auth, Storage, Realtime, Edge Functions).
Supabase gives you a hosted Postgres with first-class TypeScript SDKs, built-in auth, S3-compatible storage, realtime subscriptions, and edge functions, all wired together with Row-Level Security (RLS) as the enforcement layer. For a multi-tenant B2B SaaS, that bundle replaces five separate vendors.
We use Supabase for every MakerKit kit. If you're weighing Supabase against the older BaaS contenders, we've already written that piece: Supabase vs Firebase. The rest of this section focuses on the comparisons that actually matter in 2026: Convex, Neon, and PlanetScale.
Supabase vs Convex
Convex is the most-asked-about alternative in 2026. It bundles database, functions, and realtime into a tight TypeScript-first SDK with a great developer experience. The pitch is real: Convex is genuinely pleasant to use for greenfield apps.
The catch is the data model. Convex is a proprietary backend with TypeScript-defined schemas and a query language that exists only in Convex. There is no SQL escape hatch. If your SaaS later needs a data warehouse, a BI tool, a Postgres replica for reporting, or a portable schema you can lift to a self-hosted Postgres, you're rewriting. For B2B SaaS where the data is account → users → projects → resources with foreign keys, joins, and analytical queries, Postgres is still the safer long-term bet.
Convex shines for collaborative consumer apps and prototypes that may never need analytical SQL. For a billing-first multi-tenant SaaS, the lock-in cost is real.
If not Supabase, pick PlanetScale
PlanetScale Postgres is our recommended database whenever Supabase isn't the right fit. PlanetScale brings the operational maturity that made it famous at scale: horizontal scaling, deploy requests, zero-downtime schema changes, and the strongest read-replica story in the serverless Postgres space. It's the database we point customers at when they want managed Postgres without the bundled BaaS layer, paired with Better Auth for auth and Cloudflare R2 (or S3) for storage.
When PlanetScale beats Supabase: you've already standardized on a separate auth provider (Better Auth running in your own Postgres), you expect to scale past the point where a single Supabase Postgres instance gets uncomfortable, or you want PlanetScale's deploy-request schema workflow for your CI pipeline. We see PlanetScale win in teams that have outgrown the bundled-BaaS shape and prefer assembling best-of-breed pieces.
The bigger reason to bet on PlanetScale long-term: Neki, their announced "Vitess for Postgres" project. Vitess is the horizontal-sharding layer PlanetScale built (and battle-tested at YouTube scale) for MySQL, and Neki ports that same architecture to Postgres. No other managed Postgres has a credible answer to "what happens when one database server isn't enough?", and Neki is the one shipping it. If you're picking a database for a SaaS that might actually need to scale, the team that wrote the sharding layer for MySQL is the team most likely to nail it for Postgres too.
When Supabase wins (most SaaS): a small team that wants Postgres + Auth + Storage + Realtime as one vendor, with an open-source escape hatch (Supabase is open source and self-hostable). For 80% of pre-Series-A SaaS, this is the right call.
Neon is fine and has the best branching story for database-per-PR workflows, but for the "not Supabase" slot we now recommend PlanetScale on operational maturity and scale headroom. Convex is out (we covered that above).
Production gotcha: RLS performance
The thing nobody mentions in the Supabase tutorials: recursive RLS policies kill query performance. If you write an RLS policy that calls a function that re-queries the protected table, you'll get into recursive evaluation hell and a 50ms query becomes 500ms. The fix is to use SECURITY DEFINER functions for the membership check, cache the auth context, and add the right indexes (account_id, user_id).
For a deeper take on the database choice, see the best database software for startups.
ORM: Drizzle (with the Receipts)
Our pick: Drizzle ORM.
We picked Drizzle, wrote the comparison, and the comparison ranks #1 for "drizzle vs prisma" in Google. So we've earned the right to be opinionated here. Read the full breakdown in Drizzle vs Prisma; the summary is below.
Drizzle vs Prisma
| Criterion | Drizzle | Prisma |
|---|---|---|
| Bundle size | Tiny (no runtime engine) | Larger (Rust binary or WASM engine) |
| Cold starts | Fast (no engine spin-up) | Slower on serverless |
| Type safety | Inferred from schema, very precise | Generated types, very precise |
| Query API | SQL-flavored builder | Higher-level abstraction |
| Migrations | drizzle-kit (SQL files) | Prisma Migrate (managed) |
| Best for | Serverless, Postgres-heavy work | Larger teams that want abstraction |
The verdict: Drizzle in 2026 for serverless SaaS. It's lighter, has no engine to spin up on cold-start environments like Vercel and Cloudflare Workers, and reads more like the SQL you'll end up writing anyway. Prisma is still excellent if you have a larger team that values the higher-level abstraction over performance.
We also wrote a full Drizzle + Supabase integration guide showing how to wire Drizzle migrations to Supabase without breaking RLS.
A real multi-tenant query
The reason a typed ORM matters in a SaaS: every query needs an account_id filter, and forgetting one is a data leak. Drizzle catches this at compile time when you build your queries against the schema:
import { db } from '~/db';import { projects } from '~/db/schema';import { eq } from 'drizzle-orm';// Compile-time error if `accountId` is the wrong type or column doesn't exist.export async function getProjectsForAccount(accountId: string) { return db .select({ id: projects.id, name: projects.name, createdAt: projects.createdAt, }) .from(projects) .where(eq(projects.accountId, accountId)) .orderBy(projects.createdAt);}Combine this with RLS as a defense in depth, and you have type-safety at the application layer plus enforcement at the database layer. If a query slips through without the account_id filter, the RLS policy still blocks it.
When Prisma beats Drizzle
If your team has standardized on Prisma across multiple services, the productivity gains of Prisma Migrate plus Prisma Studio outweigh Drizzle's performance edge. We ship a Prisma kit for exactly this reason. Drizzle is the default; Prisma is a supported alternative.
Auth: Better Auth (or Supabase Auth)
Our pick: Better Auth for advanced multi-tenant needs, Supabase Auth for simpler products. These are the two auth layers we ship MakerKit on. We use them in production every day, and nothing else comes close on cost, data ownership, and how cleanly they integrate with the rest of this stack.
Auth is the layer where the wrong pick costs you the most rework. We ship two auth options across MakerKit, both open-source, both keep the user record in your database, and the choice between them comes down to how complex your team and permission model is. Everything else in this section is why we don't recommend the alternatives.
| Feature | Better Auth | Supabase Auth | Clerk | NextAuth (Auth.js) |
|---|---|---|---|---|
| Open source | Yes | Yes (Supabase OSS) | No | Yes |
| Self-hostable | Yes | Yes | No | Yes |
| Built-in B2B teams | Yes (organizations plugin) | DIY (custom schema) | Yes | DIY |
| Plugin ecosystem | Strong (2FA, passkeys, magic links, organizations) | Built-in providers | Strong | Provider-focused |
| Pricing at scale | Free (self-host) | Free up to 50K MAU | $25/mo + per-user above 10K MAU | Free (self-host) |
| Database ownership | Yours (Drizzle/Prisma compatible) | Yours (in your Postgres) | Theirs | Yours |
| Best for | Advanced needs, full data ownership | Bundled with Supabase | Speed-to-launch, B2C | Simple Next.js apps |
Why Better Auth is our pick for advanced needs
Better Auth shipped late 2024 and matured fast. By 2026 it's the open-source answer to Clerk for teams that want full data ownership, and it's the auth library we reach for whenever a customer outgrows the bundled Supabase Auth flows. The plugin model (organizations, two-factor, passkeys, OAuth, SSO, magic links) covers everything a serious B2B SaaS needs, without the per-user pricing curve that makes the hosted alternatives painful at 10K+ users.
What sealed it for us:
- The schema lives in your Postgres alongside the rest of your data, so you write joins instead of webhook sync code
- Drizzle and Prisma integrations are first-class. The user, session, account, and organization tables sit in the same migration history as the rest of your app
- It's free at any user count, self-hostable, and open-source. No pricing-curve surprises
- The plugin surface area (organizations, 2FA, passkeys, SSO) is what B2B SaaS actually needs out of the box
Use Better Auth when you need rich B2B teams and roles in your own database, when cost-at-scale matters, or when you're building outside Supabase but still want type-safe auth that integrates with your ORM. Our Better Auth kits ship with billing integrations for both Stripe and Polar out of the box, so you can pick the processor that fits your jurisdiction and pricing model without rewiring the billing layer.
Why Supabase Auth is our pick for everything else
If you're on Supabase (and most teams shipping a typical multi-tenant SaaS should be), Supabase Auth is the right answer. It's free up to 50K MAU, integrates natively with RLS via auth.uid(), removes a vendor from your stack, and the user record lives in the same Postgres as your application data. We ship the default MakerKit kit on Supabase Auth for exactly this reason: it's the path of least resistance for the 80% of SaaS that doesn't need exotic auth flows.
Use Supabase Auth when you're on Supabase, your auth needs are standard (email/password, magic links, OAuth providers, basic MFA), and you want RLS policies that resolve auth.uid() without a join to a foreign user table. The integration is tight enough that the rest of the stack reads as "Supabase" instead of "Supabase plus an auth service stapled on."
Why we don't recommend Clerk
Clerk is a beautiful product. The pre-built UI is the best in the market and the developer experience is hard to beat in a weekend prototype. The reasons it's not in our recommended stack:
- Pricing curve. Clerk gets expensive fast as your user count grows. Better Auth is free at every tier; Supabase Auth is free to 50K MAU.
- Data ownership. The user record lives in Clerk, not your Postgres. Every join to user data is a webhook sync away. See the "Frankenstein stack" section below for what that costs you.
- Lock-in. Migrating off Clerk later means rewriting your auth layer and backfilling users from their API. Migrating between Better Auth and Supabase Auth is a schema change.
If you genuinely want to pay for UI you don't have to build, Clerk is the best option in that category. We just don't think the tradeoff is worth it for a SaaS that intends to grow.
Why we don't recommend NextAuth/Auth.js
Auth.js (formerly NextAuth) is fine for hobby projects and simple OAuth-only apps. For multi-tenant SaaS with teams, roles, and invitations, you'll end up writing as much glue code around it as you'd write from scratch with Better Auth, without Better Auth's plugin ecosystem. If you're tempted to reach for NextAuth, reach for Better Auth instead.
Payments: Stripe (or Polar for Solo)
Our pick: Stripe for B2B and any serious SaaS. Polar for solo founders who want a Merchant of Record.
| Provider | Type | Tax/VAT handled | Fees | Best for |
|---|---|---|---|---|
| Stripe | Payment processor | Stripe Tax (extra) | 2.9% + 30¢ | B2B SaaS, anyone with a billing engineer |
| Polar | Merchant of Record | Yes (included) | 4% + 40¢ | Solo founders, indie hackers, dev-tool SaaS |
| Paddle | Merchant of Record | Yes (included) | 5% + 50¢ | Established SaaS, good for enterprise sales |
Why Stripe is still the default
Stripe wins on three things: API depth, integration ecosystem, and the fact that every billing engineer you'll ever hire already knows it. For B2B SaaS with subscriptions, usage-based billing, invoicing, and tax (via Stripe Tax), Stripe is the platform you'll grow into.
The cost: Stripe is a payment processor, not a Merchant of Record. You're responsible for sales tax / VAT collection in every jurisdiction. Stripe Tax helps but doesn't make the responsibility go away. For a US-only B2B product invoicing companies, this is fine. For a worldwide indie product selling to consumers, this is a nightmare.
When MoR (Polar / Paddle) wins
A Merchant of Record acts as the legal seller of your product. They collect the payment, handle the tax compliance, and pay you the net. The 1-2% fee premium over Stripe buys you "I never have to file VAT in Germany again." For a solo founder shipping a $20/mo product to a global audience, this is worth every basis point.
- Polar is our pick for indie and dev-tool SaaS. Cleaner API, better DX, strong open-source positioning, and the lowest MoR fees in this category.
- Paddle is more enterprise-flavored. Solid for established SaaS but the API and DX feel older than Polar.
Production gotcha: Stripe webhook idempotency
Every Stripe integration we've seen production-incident has had the same root cause: non-idempotent webhook handlers. Stripe sends the same event multiple times. Your checkout.session.completed handler will run twice. If you grant entitlements without checking whether you've already processed this event ID, you'll provision two seats, send two welcome emails, or charge a customer twice.
The pattern that works:
import { stripe } from '~/lib/stripe';import { db } from '~/db';import { processedWebhookEvents } from '~/db/schema';export async function handleStripeEvent(event: Stripe.Event) { // Insert the event ID; the unique constraint on event.id makes this idempotent. // If we've seen this event before, the insert fails and we exit early. const inserted = await db .insert(processedWebhookEvents) .values({ id: event.id, type: event.type }) .onConflictDoNothing({ target: processedWebhookEvents.id }) .returning({ id: processedWebhookEvents.id }); if (inserted.length === 0) { return; // Already processed. } switch (event.type) { case 'checkout.session.completed': await provisionSubscription(event.data.object); break; // ... other handlers }}Pair this with a uniqueness constraint on event.id in your processed_webhook_events table. Sleep better.
Styling: Tailwind CSS 4 + Shadcn UI
Our pick: Tailwind CSS 4 plus Shadcn UI primitives.
Tailwind 4 is the default. Shadcn UI is the right primitive choice in 2026 because it's not a component library you install; it's components you copy into your codebase that wrap Base UI primitives with sensible Tailwind styles. You own the code. You can customize anything. There's no library version to upgrade across breaking changes.
Why this beat CSS-in-JS
CSS-in-JS (styled-components, Emotion, Stitches) lost the SaaS race for two reasons: runtime cost and React Server Components incompatibility. Tailwind compiles to static CSS at build time. CSS-in-JS pays a runtime cost on every render, can't run in Server Components without workarounds, and adds bundle size.
By 2026, the React community has standardized on Tailwind for application styling. Even teams that wanted to hate it stopped fighting.
Why Shadcn UI is the right primitive
The 2024 design library debate (Material UI vs Chakra vs Mantine) ended when Shadcn UI showed there was a third option: a CLI that copies accessible components into your repo, styled with Tailwind, ready for you to customize. No package to upgrade. No design language locked in. Full control.
The big shift in 2026 is what those components are built on. Shadcn UI now ships a variant built on Base UI, the newest headless primitive library from the MUI team (with input from former Radix contributors). Base UI is a cleaner, smaller, and more actively developed successor to Radix. Better focus management, simpler composition APIs, fewer footguns on complex components like comboboxes and date pickers. Shadcn UI's adoption of it is the reason we now ship MakerKit on the Base-UI-based Shadcn rather than the legacy Radix variant.
We rebuilt MakerKit's design system on Shadcn UI in 2024 and migrated to the Base UI variant as soon as it stabilized. Components ship as code, not as a black-box dependency, and the underlying primitives now have a future roadmap rather than a maintenance ceiling.
When you'd pick something else
If you're building an internal admin tool where speed of construction matters more than design control, Material UI or Mantine still ship faster. For a public-facing SaaS where the design is the product, Shadcn UI is the right call.
Monorepo: Turborepo
Our pick: Turborepo (with pnpm workspaces).
A monorepo from day one is the right call for a serious SaaS. You'll want shared packages (UI components, database client, Supabase client wrappers, billing logic) usable across the main app, the marketing site, the admin dashboard, and any future apps (mobile, internal tools).
Turborepo vs Nx
Turborepo is built for JavaScript monorepos with minimal config. Caching is automatic, the task graph is clear, and Vercel's investment means it stays well-maintained.
Nx is more powerful and more opinionated. It comes from the Angular ecosystem and brings a heavier set of generators, plugins, and conventions. For a SaaS team of 1-10 people, Nx is over-engineered.
We default to Turborepo across every MakerKit kit. The MakerKit apps/web and packages/{ui,supabase,next,features} layout is a clean Turborepo setup that scales from solo founder to small team.
When you can skip the monorepo
If you're shipping a single app, no marketing site (or the marketing pages live in the same Next.js app), no shared packages, and no expectation of a second app, plain pnpm workspaces or even a single Next.js project is fine. The moment you add a second app or want shared internal packages, regret kicks in.
Deployment: Vercel (with Self-Host as Fallback)
Our pick: Vercel for default. Self-host with Coolify, Railway, or Fly.io if you must.
Vercel is the default deployment for Next.js because Vercel makes Next.js. The platform is tuned for the framework, the edge network is fast, image optimization works out of the box, and the developer experience is the best in the industry.
Vercel vs Cloudflare vs Railway vs Self-Host
Cloudflare Workers with the OpenNext.js adapter is the credible alternative if cost-at-scale matters and you can live with some Next.js feature limitations. The pricing curve is much friendlier above the free tier (typically 5-10x cheaper at scale).
Railway is the right pick when you want to run Next.js as a long-running Node server (no serverless functions) with a Postgres database next door. Pricing is predictable, the UX is clean, and you keep flexibility for non-Next.js services.
Coolify (self-hosted) is the open-source PaaS-on-your-own-VPS answer. Run on Hetzner for $20/mo and host your Next.js app, Postgres, Redis, and 30 other things. The tradeoff: you're now an SRE for your SaaS. Worth it if you're cost-sensitive and have the time.
Fly.io is excellent for global-edge deployments of long-running apps. Slightly higher learning curve than Railway.
We covered the full comparison in the best Next.js hosting providers.
When to leave Vercel
Vercel is a fantastic default that gets expensive once you cross certain usage thresholds (bandwidth, image transforms, function invocations, build minutes). The break-even where self-hosting pays for itself is roughly when your Vercel bill clears $500-1,000/month and you have a developer who can spend a day or two a month on infrastructure.
For 95% of pre-Series-A SaaS, Vercel is the right call and the engineering tax of self-hosting isn't worth it.
The Supporting Cast: Resend, PostHog, Sentry, Trigger.dev
These are the four supporting services every production SaaS needs. We could write 1,000 words on each, but the choices in 2026 are clear:
- Email: Resend. The developer experience is what every email API should have been ten years ago. React Email integration is a real productivity win. Postmark is the strong runner-up if you have a strict deliverability-first need.
- Product analytics: PostHog. Open source, self-hostable, includes session replay, feature flags, A/B testing, and product analytics in one platform. Mixpanel is the runner-up for teams that already use it.
- Error monitoring: Sentry. Still the standard. BetterStack is a credible alternative if you want logs and uptime in the same dashboard.
- Background jobs: Trigger.dev or Inngest. Both are excellent. Trigger.dev v3 has the cleaner DX in our experience. Inngest has a more mature event-driven model. Pick either.
For transactional email, see our Resend integration patterns in MakerKit docs. The principle: keep email templates as React components, send via Resend, log every send to your database for observability.
Building This Stack with AI in 2026
The 2026 stack we recommend is intentionally AI-codeable. This is the wedge nobody else mentions: the choices above weren't only made on technical merit, they were made because they have the largest training corpora in AI coding tools, the most stable APIs (so AI suggestions don't go stale), and the most predictable patterns (so generated code follows conventions).
Why this matters: in 2026, your effective velocity isn't just "how fast can you write code" but "how fast can you steer Cursor or Claude Code to write the right code". Stacks with thin training data (SvelteKit, less common ORMs, niche auth libraries) get worse AI suggestions. Stacks with massive training data (Next.js, React, Supabase, Drizzle, Stripe) get better suggestions, fewer hallucinations, and more useful autocomplete.
We covered the AI tooling space in the best vibe coding tools for SaaS and the production patterns in Claude Code best practices. The short version:
- Cursor for daily editing and inline AI
- Claude Code for multi-file features, refactors, and anything that needs the agent to run commands and verify its own work
- MakerKit as the reference codebase the AI tools learn from in your repo (the
AGENTS.mdfiles in MakerKit are intentionally written for AI tools to consume)
The MakerKit enhanceAction pattern is a good example of an AI-friendly abstraction. Server actions are typed, validated, and authenticated in a single function call:
'use server';import { enhanceAction } from '@kit/next/actions';import { z } from 'zod';const CreateProjectSchema = z.object({ name: z.string().min(1).max(255), accountId: z.string().uuid(),});export const createProjectAction = enhanceAction( async (data, user) => { // `data` is typed from the schema. `user` is the authenticated user. // RLS enforces that the user can only insert into accounts they belong to. return db.insert(projects).values({ name: data.name, accountId: data.accountId, createdBy: user.id, }).returning(); }, { schema: CreateProjectSchema, auth: true, });The pattern is small, predictable, and AI tools generate correct usages on first try because it appears hundreds of times across the codebase. Stacks that lean into convention compound this effect.
What This Stack Costs at $0, $1K, and $10K MRR
Real numbers from our own MakerKit deployments and customer reports. All in USD per month, US pricing.
| Service | $0 MRR (pre-launch) | $1K MRR | $10K MRR |
|---|---|---|---|
| Vercel | $0 (Hobby) | $20 (Pro) | $80-150 (Pro + usage) |
| Supabase | $0 (Free) | $25 (Pro) | $25-100 (Pro + add-ons) |
| Domain | $1/mo (annual) | $1 | $1 |
| Stripe | 0 (transaction fees only) | ~$32 (3.2% of $1K) | ~$320 (3.2% of $10K) |
| Resend | $0 (Free, 3K/mo) | $20 (Pro, 50K/mo) | $20-90 (Pro+) |
| PostHog | $0 (Free tier) | $0-50 | $50-200 |
| Sentry | $0 (Developer) | $26 (Team) | $80-200 (Team + volume) |
| Better Auth | $0 (self-hosted in your Postgres) | $0 | $0 |
| Trigger.dev | $0 (Free) | $0-20 | $50-200 |
| Total (excl. Stripe fees) | ~$1/mo | ~$92-115/mo | ~$306-960/mo |
| Total (incl. Stripe) | ~$1/mo | ~$124-147/mo | ~$626-1,280/mo |
The two big takeaways: this stack runs for one dollar a month before you launch (just the domain), and at $10K MRR you're spending 6-13% of revenue on infrastructure, which is normal for SaaS.
The biggest hidden cost we see in customer audits: Vercel image transforms running away when the marketing team uploads unoptimized images. Set up Vercel image limits and use a CDN-friendly format (WebP/AVIF) from the source.
Why Not Rails or Django or Laravel?
Every "best SaaS stack" post avoids this question. We're going to answer it.
The "boring stack" critique is real: Ruby on Rails, Django, and Laravel are battle-tested, productive, and have shipped more SaaS products than the entire Next.js ecosystem combined. DHH and Basecamp ship a lot of software with Rails. Pieter Levels famously runs a multi-million-dollar empire on PHP.
So why do we recommend the JavaScript stack?
- You hire one language. Frontend, backend, and edge functions all speak TypeScript. No context-switching between Ruby and JavaScript when you debug an issue that crosses the boundary.
- The frontend story is harder for Rails / Django. Hotwire and Inertia.js are real, but the moment you need a rich client-side experience (collaborative editing, complex forms, dashboards with live data), you end up adding React anyway.
- AI tools are noticeably better at TypeScript than at Ruby or Python web frameworks. This is changing, but in 2026 it's still true. Cursor and Claude Code generate higher-quality Next.js + Drizzle code than they generate Rails or Django code.
- The hiring pool for JavaScript developers is enormous. Hiring a Rails or Django developer in 2026 is harder than hiring a Next.js developer.
That said: if you and your team know Rails cold and you're shipping a CRUD-shaped SaaS, ship in Rails. The right stack is the one your team can ship with. Don't switch to JavaScript because of a blog post (including this one) if you'll be slower in JavaScript.
The Frankenstein Stack: An Anti-Pattern
The most common stack mistake we see in customer audits isn't picking the wrong tool. It's picking the right tools that don't fit together.
The Frankenstein stack: Clerk for auth + Supabase for the database + Prisma for the ORM + Vercel for deployment. Each piece is great. Together they create three sources of truth for the user record:
- Clerk has its own user table
- Supabase has
auth.users(which you might also enable) - Your application database has
public.profilesor similar
You'll spend the next six months writing webhooks to sync Clerk → Supabase, sync Supabase → your application table, and reconcile inconsistencies when one of those webhooks fails. The total cost is far higher than picking a coherent stack from the start.
The cure: pick auth and database from the same family.
- Better Auth + your own Postgres (Drizzle or Prisma)
- Supabase Auth + Supabase Postgres
- Clerk + your own Postgres (with Clerk webhook syncing accepted as a tax)
Don't mix Clerk with Supabase Auth. Don't run two ORMs. Don't deploy your Next.js app on Vercel and your auth service on Render. The stack should look like one decision, not seven.
The MakerKit kits are designed around this principle: every kit is an internally coherent stack where the pieces are wired together with shared conventions. That coherence is half of why the kits exist.
Should You Build This Stack From Scratch or Use a Starter?
The honest answer: it depends on your time vs money tradeoff.
Build from scratch when:
- You're learning and the goal is to understand each piece
- You want full control over every architectural decision
- Your stack is non-standard (you're using something exotic that no starter supports)
- You have months of runway and no immediate revenue pressure
Use a starter kit when:
- You're racing to get a product in front of customers
- You don't want to spend the first 4-8 weeks on auth, billing, multi-tenancy, and email plumbing
- You want a reference codebase that AI tools can learn from
- You'd rather pay $300-500 once than spend 100 hours writing the foundation
We cover the math in the cost of a SaaS starter kit. The short version: if your time is worth more than $5/hour, a starter kit pays for itself in the first week.
For broader context, see how to build a SaaS in 2026, our hub post for the business-and-validation side of the journey.
Disclosure: we make MakerKit, the productized version of this exact stack. We're biased. But the stack we recommend in this post is the stack we recommend regardless of whether you buy our kit or build it yourself. The stack is right; the kit is just a faster path to it.
Quick Recommendation
The 2026 SaaS stack is best for:
- Solo founders and small teams shipping B2B or B2C SaaS in 2026
- Teams that want type-safety end-to-end (TypeScript, Drizzle, RSC)
- Products that need multi-tenant teams, RBAC, and B2B subscription billing
- Anyone who wants the strongest AI coding tools (Cursor, Claude Code) to generate clean code on first try
Skip this stack if:
- You're shipping a CRUD app and your team knows Rails or Django better
- You need a non-Postgres database (you're committed to MongoDB or DynamoDB)
- You're building a content-only site (use Astro)
- You're allergic to JavaScript (in which case, why are you reading this)
Our pick: Next.js 16 + React 19 + Supabase + Drizzle + Better Auth + Stripe + Tailwind 4 + Shadcn UI + Turborepo on Vercel. That's the stack we ship MakerKit on, the stack we picked after writing every comparison post that anchors this one, and the stack we'd pick again in 2026.
Frequently Asked Questions
What is the best SaaS stack in 2026?
Is Supabase production-ready in 2026?
Drizzle or Prisma for a production SaaS?
Better Auth, Clerk, or Supabase Auth: which one for B2B SaaS?
Should I use Stripe or Polar for SaaS payments?
Vercel or self-host for a SaaS in 2026?
How much does this SaaS stack cost at $1K and $10K MRR?
Is this stack AI-codeable with Cursor and Claude Code?
Why not use Rails, Django, or Laravel for SaaS?
Will I get vendor lock-in with this stack?
Next Steps
Pick the path based on where you are:
- Starting from scratch? Read our hub post on how to build a SaaS in 2026 for the business-side context, then come back to this stack.
- Comparing one specific layer? Drill into Drizzle vs Prisma, Supabase vs Firebase, the best Next.js hosting providers, or the best database software for startups.
- Building this stack with AI? See the best vibe coding tools for SaaS and Claude Code best practices.
- Want the productized version? MakerKit is the SaaS starter kit built on this exact stack. The math on building from scratch vs starting from a kit is in the cost of a SaaS starter kit.
The stack will keep evolving. Next.js 17 will land, Better Auth will mature further, the AI coding tools will get sharper. The shape of the answer probably won't change much: a typed JavaScript framework with React Server Components, a managed Postgres with row-level security, a type-safe query builder, an open-source auth library, and a Merchant of Record or Stripe for payments. Pick the stack that lets your team ship the next feature today, not the stack that wins a Twitter argument.