Summary
Highlights
The Superbase SDK is problematic as it's not type-safe by default, requiring extra steps for type generation. This can cause issues with AI agents and leads to no direct SQL insert type enforcement, allowing for incorrect data insertion without compiler errors. The speaker strongly advises against using the Superbase SDK.
Superbase's security relies heavily on Row Level Security (RLS) policies. A public key is exposed, and one missing RLS policy can lead to a data breach. Many apps reportedly get hacked on day one due to overlooked RLS configurations, making the security model inherently fragile.
Superbase is a proprietary system that locks users in. Exporting data, switching providers, or using edge functions require significant re-work due to specific APIs for storage and real-time features. This limits portability and makes it difficult to migrate away from Superbase.
Superbase's pricing can quickly escalate, especially for multiple projects. While it offers a $25/month plan including compute credits for one micro or nano project, each additional project incurs extra costs. Storage is also significantly more expensive compared to alternatives like Cloudflare, and authentication can become very costly at scale.
Superior alternatives exist that address Superbase's shortcomings. Neon offers a scale-to-zero database that is 30-60% cheaper for pure database workloads and provides zero lock-in with standard ORMs. Convex offers end-to-end TypeScript, native transaction support, open-source code for no lock-in, and reactive data changes with schema validation at deploy time. The speaker also recommends using Prisma or Drizzle with any connection string for more control and flexibility.