Roundup

The Best SvelteKit + Supabase Starters

Supabase gives you Postgres, auth, realtime, and storage in one platform. These SvelteKit starters actually use it well — and a few don't.

By Gio

Supabase has become the default backend for indie developers building on SvelteKit. The appeal is obvious: you get Postgres, auth, realtime subscriptions, file storage, and edge functions under one roof — with a free tier generous enough to ship a real product. But “uses Supabase” isn’t a quality signal by itself. Plenty of starters bolt on Supabase Auth and call it a day.

We reviewed the SvelteKit + Supabase starters in our directory and evaluated several popular open-source options. Here’s what’s worth your time.

What Supabase actually brings to a starter

Before the picks, let’s be clear about what a good Supabase integration looks like. A starter that only uses Supabase for login is leaving most of the platform on the table.

The full stack:

  • Auth: email/password, OAuth providers, magic links, session management via the @supabase/ssr package (the old auth-helpers are deprecated)
  • Row-Level Security (RLS): Postgres policies that enforce access control at the database level — not in your application code
  • Realtime: subscribe to database changes over WebSockets, useful for dashboards, notifications, and collaborative features
  • Storage: file uploads with per-bucket access policies
  • Edge Functions: server-side Deno/TypeScript functions for webhooks, Stripe handlers, or anything that shouldn’t run client-side

A starter that configures RLS policies and shows you how to extend them is dramatically more useful than one that just wraps supabase.auth.signIn().

Our directory picks

SvelteSaaS — the complete package

SvelteSaaS is the most thorough Supabase integration in our directory. It uses Supabase for both auth and database, pairs it with Drizzle for type-safe queries, and connects Stripe for subscription billing. The shadcn-svelte UI layer means your dashboard doesn’t look like a science project.

What’s good:

  • Drizzle + Supabase Postgres gives you migration control that raw Supabase SQL doesn’t
  • Stripe webhook handlers are pre-wired to update subscription state in the database
  • The auth flow covers email verification, password reset, and OAuth — not just the happy path
  • shadcn-svelte components are accessible and themeable

What’s not:

  • At $149, you’re paying for polish. The Supabase integration itself isn’t doing anything you couldn’t wire yourself in a weekend.
  • Auth uses Lucia rather than Supabase Auth. That’s a valid architecture choice, but if you picked Supabase specifically for its auth system, this starter bypasses it.
  • The Supabase realtime and storage features are present but underutilized — it’s primarily a database + auth setup.

Best for: Teams building subscription SaaS who want Supabase as the database layer but prefer library-level auth control.

SvelteStack Pro — the kitchen sink

SvelteStack Pro throws everything at the wall. Lucia auth, Drizzle ORM, Supabase for Postgres, admin panels, user management, API routes — it’s the “I never want to make an architectural decision” starter.

What’s good:

  • Genuinely comprehensive. If it exists, this starter probably has a page for it.
  • The database layer is well-structured with proper migrations and seed data
  • Multi-role support out of the box

What’s not:

  • At $199, it’s the most expensive option. You’re paying for breadth, not necessarily depth.
  • Like SvelteSaaS, it uses Lucia over Supabase Auth. The Supabase integration is essentially “hosted Postgres” rather than a full platform play.
  • The sheer amount of code can be overwhelming. You’ll spend time deleting features you don’t need.
  • No realtime features despite having Supabase connected

Best for: Developers who want a pre-made full-stack application and plan to strip it down to what they need.

Notable open-source alternatives

CMSaasStarter

The most popular open-source SvelteKit + Supabase starter on GitHub with over 2,100 stars. It uses Supabase Auth directly (not Lucia), includes a marketing page, blog, subscription billing via Stripe, and user dashboard.

Why it matters: It’s one of the few starters that actually uses Supabase Auth as intended — with the @supabase/ssr package for proper cookie-based session management across SvelteKit’s server and client environments. The suggested hosting stack costs $0/month using Supabase and Cloudflare free tiers.

The catch: It uses DaisyUI for styling, which some teams find limiting. The code quality is good but documentation is sparse.

fnimick’s SvelteKit Supabase Auth Starter

A minimal starter focused exclusively on authentication. It uses the new @supabase/ssr libraries rather than the deprecated auth helpers, which matters more than you’d think — many older starters still reference @supabase/auth-helpers-sveltekit, a package that’s been deprecated since 2024.

Why it matters: If you want to understand how Supabase Auth should work in SvelteKit without any other opinions getting in the way, this is the reference implementation.

The catch: It’s auth-only. No database schema, no RLS examples, no billing. It’s a starting point, not a product.

engageintellect’s SvelteKit Supabase

A Svelte 5-native starter with Supabase, shadcn-svelte, GitHub OAuth, and Zod validation. Notable because it’s built with runes from the ground up rather than migrated from Svelte 4.

Why it matters: If you’re starting a new project in 2026, you want Svelte 5 syntax. This is one of the few Supabase starters that doesn’t carry legacy $: reactive statements.

The catch: Relatively new, smaller community, fewer battle-tested production deployments.

How to evaluate any Supabase starter

When you’re looking at a SvelteKit + Supabase starter, ask these questions:

  1. Does it use @supabase/ssr or the deprecated auth helpers? If you see @supabase/auth-helpers-sveltekit in the dependencies, the starter hasn’t been updated since 2024.

  2. Does it set up RLS policies? A starter that creates tables without row-level security is teaching you to build insecure applications. Your data should be protected at the Postgres level, not just in your route guards.

  3. Does it use Supabase Auth or bring its own? Neither is wrong, but know what you’re getting. Supabase Auth gives you less control but zero maintenance. Lucia/Better Auth give you more control but you own the session infrastructure.

  4. How does it handle the server/client split? Supabase in SvelteKit needs a server client (for hooks and server load functions) and a browser client (for client-side operations). If the starter only creates one client instance, it’s doing it wrong.

  5. Does it show realtime or storage usage? These are Supabase’s differentiating features. A starter that only uses Postgres and Auth could just as easily use any database.

The honest take

Most SvelteKit + Supabase starters treat Supabase as “Postgres with a nice auth API.” That’s fine — it’s a perfectly valid way to use the platform. But if you chose Supabase specifically for realtime, storage, or edge functions, you’ll likely need to wire those yourself regardless of which starter you pick.

The starters in our directory — SvelteSaaS and SvelteStack Pro — are excellent for getting a SaaS app running quickly. They just happen to use Supabase as a database host rather than leaning into the full platform.

If you want a starter that embraces Supabase as a complete backend, CMSaasStarter is the strongest open-source option right now. It actually uses Supabase Auth, costs nothing, and has a community large enough to get your questions answered.

The gap in the market? A premium SvelteKit starter that uses Supabase realtime for live features, storage for file uploads, edge functions for server logic, and RLS as the primary access control layer. That starter doesn’t exist yet. If you’re building one, submit it.

Get new starters in your inbox

Monthly picks, reviews, and the occasional deep-dive.

No spam. Unsubscribe anytime.

Need pre-built UI components for your SvelteKit project? Check out svelteblocks.com →