TL;DR
The 2026 SaaS consensus stack: Next.js + TypeScript + Prisma + PostgreSQL + Clerk + Stripe + Vercel. This isn't the "best" stack — it's the most battle-tested, most supported by boilerplates, and most recoverable from. Deviations are justified by specific constraints, not fashion.
The Consensus Stack
The stack that appears in 70%+ of successful indie SaaS products launched in 2024-2026:
Frontend: Next.js (App Router) + TypeScript
UI: shadcn/ui + Tailwind CSS
Database: PostgreSQL (Neon or Supabase)
ORM: Prisma (or Drizzle for edge/bundle size)
Auth: Clerk (or NextAuth/Auth.js)
Payments: Stripe
Email: Resend
File Storage: Cloudflare R2 (or Supabase Storage)
Deployment: Vercel (or Railway)
Layer-by-Layer Breakdown
Frontend Framework
Primary: Next.js (App Router) When to deviate: Remix for form-heavy apps, SvelteKit for bundle-size-critical apps
Next.js App Router (stable since 2023) provides server components, streaming, and collocated API routes. The learning curve is real, but the ecosystem support is unmatched.
// The server component pattern that makes Next.js worth it
async function Dashboard() {
// Direct DB access — no API layer needed for internal data
const [user, stats] = await Promise.all([
getCurrentUser(),
getDashboardStats(),
]);
return <DashboardUI user={user} stats={stats} />;
}
Database
Primary: PostgreSQL via Neon or Supabase When to deviate: MongoDB for document-heavy data models, PlanetScale for MySQL teams
PostgreSQL in 2026 handles almost everything: relational data, JSON documents (JSONB), full-text search (GIN indexes), time-series (with TimescaleDB). The argument for a separate specialized database rarely applies at early SaaS scale.
| Provider | Free Tier | Price | Branching | Edge |
|---|---|---|---|---|
| Neon | 0.5GB | $19/mo | ✅ Git-like | ✅ |
| Supabase | 500MB + Auth + Storage | $25/mo | ✅ | ❌ |
| PlanetScale | MySQL, scaled back free tier | $39/mo | ✅ | ✅ |
| Railway Postgres | $5/mo | Pay-as-go | ❌ | ❌ |
ORM
Primary: Prisma When to deviate: Drizzle for edge runtimes, bundle-size-sensitive apps, or teams that want SQL control
// Prisma — most boilerplates use this
const users = await prisma.user.findMany({
where: { subscriptionStatus: 'active' },
include: { subscription: true },
orderBy: { createdAt: 'desc' },
});
// Drizzle — same query, more SQL-like, ~100KB vs 7MB bundle
const users = await db
.select()
.from(usersTable)
.leftJoin(subscriptionsTable, eq(usersTable.id, subscriptionsTable.userId))
.where(eq(subscriptionsTable.status, 'active'));
Prisma wins for teams that want productivity and don't deploy to edge. Drizzle wins for edge deployments and bundle-size constraints.
Authentication
Primary: Clerk When to deviate: Auth.js/NextAuth for OSS budget control, Supabase Auth if already using Supabase
Clerk's developer experience is the best in class:
// Clerk — literally one line for a fully protected route
import { auth } from '@clerk/nextjs/server';
export default async function Dashboard() {
const { userId } = await auth();
if (!userId) redirect('/sign-in');
// ... rest of page
}
Clerk is $25/month after 10k MAU. For early SaaS that's fine. If you need B2B org support, Clerk handles multi-tenant organizations natively.
Payments
Primary: Stripe When to deviate: Lemon Squeezy if international tax compliance is your primary concern
Stripe is the default and safest choice. Every developer knows it, every webhook example uses it, every boilerplate integrates it.
// Standard Stripe subscription pattern
const session = await stripe.checkout.sessions.create({
mode: 'subscription',
customer: stripeCustomerId,
line_items: [{ price: priceId, quantity: 1 }],
success_url: `${BASE_URL}/dashboard?upgrade=success`,
cancel_url: `${BASE_URL}/pricing`,
subscription_data: { trial_period_days: 14 },
});
Primary: Resend When to deviate: SendGrid for high volume (>100k/mo), Postmark for transactional reliability
Resend has the best developer experience and React Email integration:
import { Resend } from 'resend';
import { WelcomeEmail } from '@/emails/welcome';
const resend = new Resend(process.env.RESEND_API_KEY);
await resend.emails.send({
from: 'hello@yoursaas.com',
to: user.email,
subject: 'Welcome to YourSaaS',
react: <WelcomeEmail name={user.name} />,
});
Free tier: 3,000 emails/month. $20/month for 50k/month.
Deployment
Primary: Vercel When to deviate: Railway for background jobs + cron + Docker, Render for simpler pricing, Fly.io for global edge servers
Vercel's zero-config Next.js deployment is unbeatable for getting started. The main limitation: no persistent servers (no cron jobs, no background queues natively).
For SaaS that needs queues or scheduled jobs:
Vercel (Next.js app) + Railway (background workers)
OR
Railway (everything — Next.js + workers + PostgreSQL)
The Anti-Patterns
Over-engineering for scale that doesn't exist yet:
- Microservices for an app with 100 users
- Redis queuing before you've validated the product
- Multi-region Kubernetes before $10k MRR
Under-engineering for requirements that do exist:
- No database migrations (Prisma Migrate from day one)
- No proper auth (rolling your own is a security liability)
- No error tracking (Sentry is free for small projects)
Stack diversity without justification:
- Adding Python FastAPI for one ML feature when the JS ecosystem covers 80% of use cases
- Using MongoDB when PostgreSQL JSONB covers the document model
- Deploying to AWS ECS because "we'll need to scale" when Vercel + Railway handles millions of users
Minimal Viable Stack for Solo Founders
If you're building alone and want to ship fast:
Next.js + TypeScript
Supabase (auth + database + storage — one dashboard for everything)
Stripe
Resend
Vercel
Total cost at zero revenue: ~$0/month (all free tiers). At $1k MRR, ~$50/month for real-tier services.
When to Add Complexity
Add a tool when you have the problem, not before:
| Problem | Tool to Add |
|---|---|
| Auth is complex (orgs, SSO) | Upgrade to Clerk paid or add WorkOS |
| Email volume > 3k/month | Upgrade Resend or switch to SendGrid |
| Need background jobs | Add Trigger.dev or Inngest |
| Need caching | Add Upstash Redis |
| Need search | Add Algolia or Typesense |
| Need file uploads | Add Uploadthing or Cloudflare R2 |
| Need analytics | Add PostHog |
Stack Stability vs Stack Evolution
The consensus stack above is stable — but pieces are shifting:
ORM transition: Prisma remains the default for 2026, but Drizzle is the choice for any new project deploying to edge environments (Cloudflare Workers, Vercel Edge Functions). If you anticipate edge deployment, start with Drizzle. If you're certain about serverless Node.js on Vercel, Prisma's better documentation and tooling are worth the tradeoff.
Auth transition: Auth.js (NextAuth v5) is the free default. Better Auth has gained momentum as a cleaner, more modern API — expect it to be the free default in 2027. Clerk remains the best paid option for teams that want the richest multi-tenant feature set. For a new project starting in mid-2026, consider starting with Better Auth to avoid a future migration from Auth.js.
Database hosting: Neon and Supabase are neck-and-neck for PostgreSQL hosting. Neon's branching feature (create database branches like Git branches) is valuable for staging environments and testing. Supabase's additional services (auth, storage, real-time) reduce the number of separate services if you want an integrated backend platform.
AI features: The Vercel AI SDK is the standard integration layer for LLM features. OpenAI and Anthropic are both viable providers; the Vercel AI SDK abstracts the provider choice, so you can switch later. Add the AI SDK from day one even if you don't have AI features immediately — the setup cost is minimal and the access is available when you need it.
Key Takeaways
- The 2026 SaaS consensus stack (Next.js + TypeScript + Prisma + PostgreSQL + Clerk + Stripe + Vercel) represents accumulated community validation — deviating requires a specific reason, not preference
- Prisma vs Drizzle is the most active architectural choice: Prisma for serverless Node.js on Vercel; Drizzle for edge deployments and teams that want direct SQL control
- Better Auth is the emerging Auth.js successor with a cleaner API; consider it for new projects starting in 2026 to avoid a future migration
- Supabase combines database + auth + storage in one dashboard — the all-in-one convenience reduces operational overhead significantly for solo founders
- The minimal viable stack for zero-budget launch (Next.js + Supabase + Stripe + Resend + Vercel) costs $0 until ~200 active users, covering complete SaaS requirements
- Boilerplates that match the consensus stack are easier to find community answers for, easier to hire for, and easier to maintain as the ecosystem evolves
- The Vercel AI SDK is the consensus integration layer for LLM features — add it from day one even without immediate AI feature plans, as the setup cost is minimal and the abstraction lets you switch between providers later without restructuring your codebase
When to Deviate from the Consensus Stack
The consensus stack recommendation is deliberately conservative. Deviations require justification — not "this seems more interesting" but "our specific requirements make the consensus choice worse than the alternative."
Valid deviation: replacing Clerk with Auth.js/NextAuth when the $25/month cost at 10K MAU is a meaningful constraint and you have the engineering capacity to maintain your own auth configuration. Auth.js is excellent; Clerk's premium is for developer time, not capability. For pre-revenue projects where every dollar matters, Auth.js is the correct choice.
Valid deviation: replacing Prisma with Drizzle when you're deploying to Cloudflare Workers, Vercel Edge Functions, or Bun. Drizzle's edge compatibility isn't a nice-to-have in these environments — Prisma's Node.js dependency makes it incompatible. If your deployment target requires edge runtime, Drizzle is mandatory.
Valid deviation: replacing Vercel with Railway when your SaaS requires background jobs, cron scheduling, or persistent WebSocket connections. Vercel's serverless model doesn't support these patterns natively. Railway's always-on containers handle them naturally, and Railway's Next.js support is production-ready.
Invalid deviation: replacing Next.js with SvelteKit because "bundle sizes are smaller." Unless you have a specific bundle size requirement that Next.js demonstrably fails to meet, the ecosystem cost — fewer tutorials, fewer boilerplates, fewer community answers — outweighs the bundle size benefit for most products.
Invalid deviation: replacing PostgreSQL with MongoDB because "our data is document-oriented." PostgreSQL's JSONB column type handles document-oriented data models effectively at indie SaaS scale. MongoDB's operational complexity and different query model add overhead without providing meaningful benefits until your team has DBA-level MongoDB expertise.
Evaluating Boilerplates Against This Stack
When evaluating a boilerplate, map its stack to the consensus recommendations and note every deviation. Each deviation is a question to answer before purchase.
Deviations from the consensus stack aren't automatically bad — some boilerplates make deliberate, well-reasoned choices that differ from the consensus. ShipFast's choice to use NextAuth (free) over Clerk is appropriate for its target audience of indie founders who want to minimize recurring costs. Epic Stack's choice to use Remix over Next.js is appropriate for its target audience of teams that want excellent form handling and Remix's progressive enhancement model.
The red flags are deviations without apparent reason — using a deprecated framework version, choosing a less-supported ORM without edge or performance justification, or building custom auth where established solutions exist. These deviations suggest the creator's choices weren't informed by the current ecosystem.
After noting deviations, check whether the boilerplate's structure would allow you to swap components if needed. A boilerplate that abstracts its auth layer (so you can switch from NextAuth to Clerk without touching the database queries) gives you more flexibility than one where auth assumptions permeate the entire codebase. The abstraction quality predicts the long-term customization cost of working with the boilerplate.
Find boilerplates using each tech stack combination on StarterPick.
Review T3 Stack and compare alternatives on StarterPick.
See our production SaaS free stack guide for a cost breakdown of this stack from zero.
Compare the best boilerplates that implement this consensus stack: Best SaaS boilerplates 2026.
Understand the architecture decisions that affect how well boilerplates implement this stack: Customization tax in boilerplate architecture 2026.