Short version: Supastarter and Already overlap significantly on core SaaS infrastructure — both use Supabase Auth, both have Stripe billing, both have i18n and basic org support. The key differences: Already charges once ($199) versus Supastarter's subscription (~$149/month). Already uses Drizzle ORM; Supastarter uses Prisma. And Already ships background jobs, API key management, AI integration, and hardened security that Supastarter doesn't include.
Feature matrix
| Feature | Supastarter | Already |
|---|---|---|
| Framework & Language | ||
| Next.js App Router | ✓ | ✓ |
| TypeScript | ✓ | ✓ |
| Tailwind CSS | ✓ | ✓ |
| shadcn/ui components | ✓ | ✓ |
| ORM | Prisma | Drizzle |
| Database | Supabase Postgres | Supabase Postgres |
| Authentication | ||
| Supabase Auth | ✓ | ✓ |
| Pre-built auth UI | ✓ | ✓ |
| Email + password, OAuth, magic link | ✓ | ✓ |
| TOTP 2FA (authenticator app) | — | ✓ |
| Passkeys (WebAuthn) | — | ✓ |
| Auth event audit log | — | ✓ |
| Billing & Payments | ||
| Stripe integration | ✓ | ✓ |
| Idempotent webhook handler | — | ✓ |
| Dead-letter queue for failed webhooks | — | ✓ |
| Plan-based feature gating | ✓ | ✓ |
| Customer billing portal | ✓ | ✓ |
| Multi-tenancy & Orgs | ||
| Organisation / team model | ~basic | ✓ |
| Role-based access control (RBAC) | ~basic | ✓ |
| Member invitations | ✓ | ✓ |
| Row-level security (Postgres RLS) | ~partial | ✓ |
| Query-layer tenant scoping | — | ✓ |
| Admin dashboard with impersonation | ~basic | ✓ |
| Messaging | ||
| Transactional email | ✓ | ✓ |
| In-app notifications (Realtime) | — | ✓ |
| Background Work | ||
| Cron-based background jobs | — | ✓ |
| Postgres-backed job queue | — | ✓ |
| API key management (hashed at rest) | — | ✓ |
| Security & Hardening | ||
| CSP nonces | — | ✓ |
| Rate limiting | — | ✓ |
| Suspicious activity detection | — | ✓ |
| GDPR export + deletion endpoints | ✓ | ✓ |
| AI & Developer Experience | ||
| Multi-provider AI module | — | ✓ |
| AI credits ledger | — | ✓ |
| Feature flags (PostHog) | — | ✓ |
| AI-native context (CLAUDE.md / Cursor rules) | — | ✓ |
| i18n (next-intl) | ✓ | ✓ |
| Cost | ||
| Pricing model | ~$149/mo | $199 one-time |
| Own the code outright | ~subscribed | ✓ |
✓ Included · — Not included · Amber text = partial implementation.
Auth
Supastarter
Ships Supabase Auth with pre-built UI covering email + password, OAuth, and magic link. Solid and complete for most B2B use cases. No TOTP 2FA support, no passkeys, and no auth event audit log — the last one matters if you're selling to compliance-conscious buyers.
Already complete
Same Supabase Auth foundation, but extended with TOTP 2FA, passkeys (WebAuthn), and a full auth event audit log tracking every sign-in by device, IP, and timestamp. Email enumeration protection and rate limiting on all auth endpoints are on by default.
Billing
Supastarter
Reasonably complete Stripe integration — subscriptions, customer portal, and plan-based feature gating are covered. The webhook handler works but is not idempotent, and there is no dead-letter queue for failed webhook events. Silent billing failures are a real operational risk at scale.
Already complete
Full Stripe integration with idempotent webhook handling and a dead-letter queue for failed events. Plan-based feature gating, customer portal, trial periods with grace periods, and billing email notifications are all wired. Production-grade from the start.
Multi-tenancy
Supastarter
Includes a basic team/org model with member invitations and simple role assignment. Postgres RLS is partially implemented. Query-layer tenant scoping — the additional safeguard that prevents cross-tenant data leaks at the application level — is not included.
Already complete
Full multi-tenant org model with both Postgres RLS and query-layer tenant scoping. Member invitations with role assignment, full RBAC, and an admin dashboard with user impersonation. The combination of RLS plus query-layer isolation is the correct approach for production B2B SaaS.
Pricing model — the deciding factor
Supastarter
Subscription pricing: roughly $149/month or $899/year. You access updates and support while subscribed. If you cancel, you keep what you downloaded, but stop receiving updates. For a two-year build cycle, that's $1,800–$3,600 for the starter kit alone.
Already one-time
$199 Solo or $399 Team — one-time, own the code permanently. No recurring fee. For teams building a product over multiple years, the difference compounds quickly. Already ships more modules at a fraction of the multi-year cost of a subscription kit.
Who should use what
Use Supastarter when
- You prefer Prisma and are comfortable with its trade-offs
- GDPR compliance and a European team are meaningful to you
- You want an active community and regular update cadence
- Your product doesn't need background jobs or API keys
- A subscription model fits your team's procurement process
Use Already when
- You want to pay once and own the code outright
- You need background jobs and a job queue wired from day one
- API key management is on your roadmap
- You want TOTP 2FA, passkeys, and a full auth audit log
- AI integration and AI-native DX (CLAUDE.md) matter to you
- You want Drizzle ORM for better serverless performance
The honest comparison
Supastarter is a solid, well-maintained starter with a clear GDPR focus and a European team that cares about compliance. If you prefer Prisma, value an active community, and are comfortable with a subscription, it's a legitimate choice. The core SaaS modules — auth, billing, basic org support, i18n — are well-executed.
Already ships more modules outright: background jobs, API key management, AI integration, hardened security, and AI-native developer experience. And it charges once. For a team building a product over two or three years, that difference in both scope and total cost is material.