April 9, 2026 edition

better-auth

The authentication framework for TypeScript

Better Auth Has 13,000 GitHub Stars and Zero Interest in Being a SaaS

The Macro: Authentication Is a Tax on Every Web App

Every web application needs authentication. Every single one. And yet, after decades of web development, implementing auth is still a pain point that sucks up days or weeks of engineering time at the start of every project. The options are well-known and they all involve trade-offs that developers have learned to live with rather than love.

Auth0 (now part of Okta) pioneered the hosted auth model. Hand us your login flow, we will handle it, you pay per user. It works. It is also expensive at scale, occasionally confusing to configure, and means your user data lives on someone else’s infrastructure. Clerk arrived with a better developer experience and a more modern API, but the same fundamental model: your auth, their servers. Supabase Auth bundles authentication into a broader backend-as-a-service play. Firebase Auth is the Google version of the same idea.

Then there is the other camp. Passport.js has been the default Node.js auth library for over a decade, and it shows its age. NextAuth (now Auth.js) took a framework-specific approach that works well inside Next.js but gets awkward elsewhere. Lucia was gaining traction as a lightweight alternative before its maintainer archived the project.

The pattern is clear. Hosted solutions are convenient but expensive and lock you in. Self-hosted libraries are free but incomplete, framework-specific, or abandoned. There is a gap for something that is comprehensive like Auth0 but runs on your own database, is framework-agnostic like Passport but actually modern, and is maintained with the energy of a funded company rather than a solo maintainer who might burn out.

That gap is exactly where Better Auth lives.

The Micro: One Developer, 350K Monthly Downloads

Better Auth is built by Bereket Engida, a developer based in San Francisco who has spent years building TypeScript developer tools and open-source libraries. He is the sole founder, which in the open-source world is less of a red flag and more of a common pattern. Many of the most successful developer tools started as one-person projects: SQLite, curl, Homebrew.

The numbers tell a story. 13,000+ GitHub stars. 350,000+ monthly npm downloads. A 5,000-member Discord community. 7,000+ followers on X. 746+ open-source contributors. These are not vanity metrics. For a developer tool, npm downloads are the closest thing to revenue. They mean real developers are putting this into real projects.

The product is a comprehensive authentication framework for TypeScript. It supports 40+ social login providers (Google, GitHub, Apple, Discord, the usual suspects). It handles email and password auth, session management, password resets. It does multi-tenancy with organizations, teams, and roles. It has 50+ plugins covering passkeys, magic links, two-factor auth, JWT, API keys, and anonymous auth. It supports SSO, SAML 2.0, and SCIM provisioning for enterprise customers. It works with Next.js, Nuxt, SvelteKit, Astro, Hono, Express, and about 20 other frameworks.

The critical detail: all of this runs on your database. PostgreSQL, MySQL, SQLite, MongoDB, whatever you are using. Better Auth is not a service. It is a library. Your user data stays in your infrastructure.

Engida came through Y Combinator’s Spring 2025 batch, which tells me the plan is to build a business on top of the open-source project. The dashboard at dash.better-auth.com suggests a managed offering is either live or coming soon. The playbook is familiar: open-source core, paid cloud or enterprise tier. It worked for Supabase, it worked for PostHog, and it works especially well when the open-source project already has genuine adoption.

The Verdict

I think Better Auth is one of the strongest open-source projects I have seen come through YC in the last year. The adoption numbers are real, the product scope is ambitious but coherent, and the “own your auth” positioning hits a nerve that developers have been complaining about for years.

The risk is monetization. An open-source developer tool with massive adoption and zero revenue is a story that can end badly. MongoDB made it work. Redis made it work (eventually, controversially). Plenty of others have not. Engida needs to find a pricing model that captures value without alienating the community that built the project’s momentum.

The other risk is maintenance load. Fifty plugins, twenty frameworks, five databases, and forty social providers is an enormous surface area. With 746 contributors that load is distributed, but the architectural decisions and code review still bottleneck through the core team.

At thirty days, I would want to see the managed offering pricing and whether early customers are signing up. At sixty days, whether the enterprise features (SSO, SCIM, SAML) are driving paid adoption from companies that actually need them. At ninety days, the question is whether Better Auth can build a sales motion for enterprise without losing the developer-first ethos that got them here. The open-source flywheel is spinning. The business needs to catch up before the runway runs out.