Back to Blog

The SaaS Boilerplate with No Vendor Lock-In (And Why It Matters)

By Aziz Ali
saas boilerplatevendor lock-inbetter-authdrizzle ormindie hacker

Most SaaS boilerplates look like a bargain until month three. That's when the Clerk bill hits, Prisma's cloud sync starts throttling you, and your Next.js app is so tightly coupled to Vercel that migrating would cost you a weekend you don't have. I built BetterStarter specifically to avoid every one of these traps — and in this article I'll show you exactly where the lock-in hides, and what a genuinely open SaaS boilerplate looks like.

Where Vendor Lock-In Actually Hides

Vendor lock-in in boilerplates is rarely upfront. It creeps in through three categories:

Auth-as-a-service pricing. Clerk charges per Monthly Active User. At a modest 2,000 MAUs you're looking at $100+/month — before you've made a dollar. That's a $1,200 annual tax on your product just for authentication. Clerk is great DX, but you're renting access to your own users.

ORM ecosystem coupling. Prisma is excellent, but its cloud products (Accelerate, Pulse) create a pull toward vendor infrastructure. Worse, Prisma's generated client is fat — slower cold starts, bigger bundles. If you've ever tried ripping out Prisma from an existing codebase, you know the pain.

Framework platform dependencies. Next.js isn't locked to Vercel, but it's optimized for it. Server Actions, Edge Functions, ISR — these all work best on Vercel's infrastructure. Switching to another host means auditing every page for compatibility. That's not theoretical, it's a real migration cost.

A no-vendor-lock-in SaaS boilerplate should let you self-host everything critical, switch cloud providers without a rewrite, and avoid per-seat pricing on foundational services.

The Lock-In Scorecard: Common Boilerplate Choices

Here's how popular boilerplate stacks score on lock-in risk:

Component Locked-In Choice Free Choice
Auth Clerk ($$/MAU) Better-Auth (self-hosted, MIT)
ORM Prisma + Accelerate Drizzle ORM (lightweight, any DB)
Email Resend, SendGrid Plunk (open-source, self-hostable)
Framework Next.js (Vercel-optimized) TanStack Start (deploy anywhere)
Runtime Node.js + PM2 Bun (fast, self-contained)
Payments — (Stripe is fine, no lock-in) Stripe ✅

The right column is exactly what BetterStarter ships with. Every piece is either open-source, self-hostable, or priced on a one-time basis.

Why Better-Auth Changes the Economics

I spent three products paying for Clerk. It was fine — until it wasn't. When your SaaS hits 5,000 MAUs, the bill is real money. When you want to export user data, you're negotiating with a vendor. When their API goes down, your auth goes down.

Better-Auth vs Clerk is a comparison I've already written in depth, but the short version: Better-Auth is MIT-licensed, self-hosted, and ships with sessions, OAuth, magic links, two-factor, and more — out of the box. You own the data. You host it. No per-seat charge ever.

// Better-Auth setup in TanStack Start — no third-party SaaS needed
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "./db";

export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: "pg", // or "sqlite", "mysql"
  }),
  emailAndPassword: { enabled: true },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID!,
      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
    },
  },
});

That's it. No dashboard. No MAU counters. No vendor.

Drizzle ORM: Lightweight and Portable

Prisma's developer experience is polished, but it's not portable. Drizzle ORM is — it's just TypeScript, it works with any SQL database, and it runs cleanly on Bun without the heavy generated client.

I've written a full Drizzle ORM vs Prisma comparison but the key point for lock-in: Drizzle schema definitions are plain TypeScript objects. Swap your database from PostgreSQL to SQLite for local dev, or move to a different Postgres provider — the ORM layer doesn't care. No Prisma schema language to learn, no migration CLI differences between environments.

// Drizzle schema — plain TypeScript, works on any SQL DB
import { pgTable, text, timestamp, boolean } from "drizzle-orm/pg-core";

export const users = pgTable("users", {
  id: text("id").primaryKey(),
  email: text("email").notNull().unique(),
  emailVerified: boolean("email_verified").default(false),
  createdAt: timestamp("created_at").defaultNow(),
});

Copy that to any project, any database, any host. That's portability.

TanStack Start + Bun: Deploy Anywhere

Next.js apps deploy best on Vercel. That's not a conspiracy — Vercel built Next.js and optimizes their platform around it. TanStack Start doesn't have a preferred host. It compiles to a standard Node (or Bun) server. You can run it on Railway, Fly.io, a $5 VPS, or your own machine.

As I covered in Bun vs Node.js for SaaS Boilerplates, Bun starts faster, runs leaner, and the toolchain is simpler. For a self-hosted setup, that matters — you're not paying for excessive compute just to match Node's baseline overhead.

The architecture of a lock-in-free SaaS stack looks like this:

flowchart TD
    A[TanStack Start + Bun] --> B[Better-Auth\nself-hosted]
    A --> C[Drizzle ORM\nany SQL DB]
    A --> D[Stripe\npayments]
    A --> E[Plunk\nopen-source email]
    B --> F[Your Postgres\nany host]
    C --> F
    E --> G[Self-hosted\nor Plunk Cloud]
    style A fill:#6366f1,color:#fff
    style B fill:#22c55e,color:#fff
    style C fill:#22c55e,color:#fff
    style E fill:#22c55e,color:#fff

Every green box is either self-hosted or vendor-agnostic. Nothing in this stack requires a specific cloud provider.

FAQ

What does vendor lock-in actually cost a solo founder? At 5,000 MAUs, Clerk alone costs ~$250/month ($3,000/year). Add Prisma Accelerate, Resend, and Vercel enterprise-tier features and you're easily at $500-800/month before revenue — a massive runway drain for a bootstrapped product.

Is Better-Auth production-ready? Yes. It's MIT-licensed, actively maintained, and handles OAuth, magic links, sessions, 2FA, and more. The ecosystem is growing fast and it's already used in production SaaS products. It's not a toy.

Can I use BetterStarter with any database? Drizzle ORM supports PostgreSQL, MySQL, and SQLite. BetterStarter ships configured for PostgreSQL (works on Neon, Supabase, Railway, or any Postgres host), but swapping is a config change, not a rewrite.

What about email — is Plunk really open-source? Yes. Plunk is MIT-licensed. You can self-host it entirely, or use their hosted plan. Either way, you're not locked into a proprietary API contract. If you outgrow Plunk, migrating is straightforward since your templates are just HTML.

Does no vendor lock-in mean more DevOps work? Slightly — you manage your own Postgres and potentially your own Plunk instance. But BetterStarter ships with sensible defaults (Neon for DB, Plunk cloud for email) that keep setup under 30 minutes. You can always migrate to self-hosted later.

If you want to skip the research and ship with a stack that's designed from day one to avoid vendor lock-in, BetterStarter is ready — Better-Auth, Drizzle, TanStack Start, Stripe, and Plunk, all wired up for $99 one-time. No subscriptions, no per-seat fees, no surprises.