
TL;DR
Vercel acquires the open-source authentication framework that became the go-to Next.js auth solution. HN weighs in on open source sustainability and vendor lock-in concerns.
| Resource | Link |
|---|---|
| Better Auth Joins Vercel Announcement | better-auth.com/blog/better-auth-joins-vercel |
| Better Auth Documentation | better-auth.com/docs |
| Better Auth GitHub | github.com/better-auth/better-auth |
| Vercel Blog | vercel.com/blog |
| Auth.js Documentation | authjs.dev |
Better Auth, the framework-agnostic authentication library that grew from a side project to the default auth choice for many Next.js developers, is joining Vercel. The announcement dropped today and immediately hit the Hacker News front page.
Better Auth is an open-source authentication framework created by Bereket Engida. Unlike managed auth services, it runs in your own backend and lets you own your user data. It supports:
The project launched in September 2024 and quickly gained traction. It filled a gap left by Auth.js (formerly NextAuth.js), which many developers found difficult to extend for complex use cases like multi-tenant organizations.
In a notable move, Better Auth recently acquired Auth.js/NextAuth.js itself - the library that Engida originally used before building Better Auth.
According to the announcement, Vercel will provide resources for Engida to focus full-time on the open-source framework. The partnership also includes work on an "Agent Auth Protocol" for AI agent authentication - a timely focus as agentic workflows become more common.
Vercel's post emphasizes that Better Auth will remain "open source, framework and platform agnostic."
The Hacker News thread (discussion link) surfaced familiar tensions around open source acquisitions.
The skeptics showed up immediately. One commenter wrote: "So, it's just a matter of time until they destroy this project in favour of their cloud interests." Another said they nearly used Better Auth recently and are "so glad I dodged the bullet."
The roll-your-own contingent made their case. "Auth is not hard to roll yourself. Crypto: don't do it. Auth? Easy peasy," claimed one developer. Others pushed back hard, pointing out that auth extends far beyond username/password - you need account recovery, MFA, passkeys, registration flows, progressive profiling, SAML integration, and more. "You're distracted from your core application by feature requests for your login system."
KeyCloak got multiple mentions as the safer long-term bet. It's a CNCF project, so there's no acquisition risk. But commenters noted it "shows its age" with a clunky interface and some uptime issues.
The Ory stack discussion got heated. One developer complained that self-hosted Ory is "aggressively gimped" with SSO features locked behind licensing. An Ory team member responded defensively, pointing out that "open source development needs to be paid by someone."
Some developers see the upside. "Better Auth is great, I use it for all my projects. Congrats to the team!" Multiple people noted that Better Auth already maintained next-auth security patches, so Vercel involvement could mean more resources for the ecosystem.
The LLM angle emerged. One commenter joked about rolling auth with LLMs, prompting a reply: "It's one of those things you shouldn't trust LLMs to such an extent; that part should be very solid because the consequences of bad practices are getting to front page of hacker news."
Newsletter
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools, delivered free every week.
From the archive
Jul 7, 2026 • 7 min read
Jul 7, 2026 • 7 min read
Jul 7, 2026 • 7 min read
Jul 7, 2026 • 6 min read
This acquisition fits a pattern we've seen repeatedly in the developer tools space. An open-source project gains traction by solving a real problem. The maintainer(s) get stretched thin between maintenance and monetization. A larger company acquires them, promising resources and continued open-source commitment.
Sometimes it works out (React under Facebook, TypeScript under Microsoft). Sometimes the community feels burned (the Ory discussion in this thread provides a counterexample).
The key question for Better Auth users: will Vercel keep the framework truly platform-agnostic? Better Auth's database adapters mean it's relatively easy to switch providers if things go sideways. But auth is deeply integrated into applications - migration is never painless.
If you're already using Better Auth: The short-term outlook is positive. More full-time focus on the framework, no immediate changes to the open-source model. Watch for any dependencies on Vercel-specific features over the next 6-12 months.
If you're choosing an auth solution today:
The acquisition makes strategic sense for Vercel. Auth is a pain point for Next.js developers, and owning the solution (plus the agent auth protocol work) strengthens their platform story.
For the open-source ecosystem, the acquisition of Auth.js by Better Auth, followed by Vercel acquiring Better Auth, consolidates a lot of the JavaScript auth ecosystem under one roof. That's either efficient or concerning depending on your perspective.
The HN thread reveals a real tension: developers want open-source solutions maintained by full-time engineers, but they're suspicious when money enters the picture. There's no easy answer here. Somebody has to pay for the work.
Better Auth's framework-agnostic design and database adapter model mean you're not locked to Vercel's infrastructure. That's the right kind of portability to have when your auth provider gets acquired.
Read next
The Godot Foundation has established a policy banning autonomous AI agent code and substantial AI-generated contributions, citing reviewer burnout and concerns about maintainer mentorship.
6 min readDeepReinforce AI released Ornith-1.0, a family of open-source coding models claiming self-improvement. The HN thread reveals a mix of skepticism and genuine interest - here is what the model actually does and whether the hype holds up.
7 min readTernlight ships a ternary-quantized sentence encoder at 7 MB that runs semantic search at 5ms per embedding - entirely client-side via WASM, no API calls required. Here is how it works, what HN thinks, and where browser-side embeddings make sense.
6 min readTechnical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
AI app builder - describe what you want, get a deployed full-stack app with React, Supabase, and auth. No coding requi...
View ToolDrop-in auth for React/Next.js. Pre-built sign-in UI, session management, user profiles, org management. This site uses...
View ToolFull-stack AI dev environment in the browser. Describe an app, get a deployed project with database, auth, and hosting....
View ToolGives AI agents access to 250+ external tools (GitHub, Slack, Gmail, databases) with managed OAuth. Handles the auth and...
View ToolPre-configured or dynamic OAuth for remote MCP servers.
Claude CodeWhat MCP servers are, how they work, and how to build your own in 5 minutes.
AI AgentsInteractive timeline showing what's in context at each turn.
Claude Code
Ternlight ships a ternary-quantized sentence encoder at 7 MB that runs semantic search at 5ms per embedding - entirely c...

Flipper Devices announces their firmware hit 1.0 stability and outlines a new community contribution model - while HN de...

Mistral releases Leanstral 1.5, an Apache-2.0 licensed 119B parameter model (6B active) for Lean 4 theorem proving that...

The creator of Box2D releases Box3D - an open source 3D physics engine with cross-platform determinism, SIMD contact sol...

The Godot Foundation has established a policy banning autonomous AI agent code and substantial AI-generated contribution...

DeepReinforce AI released Ornith-1.0, a family of open-source coding models claiming self-improvement. The HN thread rev...

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.