With direct dependencies on Node.js modules, you outright prevent using other runtimes like Cloudflare workers, Deno, etc.

Node has decent support for WebCrypto, for example, which renders all usages of node:crypto obsolete.

At this point, I’d also argue that anything not promoting PassKeys as the default method is on the wrong track.

The API looks basically the same as any auth library and i have no idea how you approach this differently than other solutions?

I checked out the docs and it looks great and you seem to have all the bases covered but I think having a Why in the intro is helpful and comparisons to other solutions like next-auth, supabase auth etc.

I cannot comment on the quality of the library, but please change the name to something else than "Better auth" - such generic names are difficult to search for. You do want your users to find stuff relating to the library without false positives, right?

Looks pretty interesting, I see it supports social logins but doesn't look like generic oauth oidc / saml is supported yet - I think that'd be the killer feature, as rolling your own user/pass login isn't all that hard but generic SSO is where things get tricky.

If you added that, I've started working on a SCIM client implementation in typescript that could be a nice complement (or just jumpstart) in future (https://github.com/mnahkies/node-scim)

It might be better auth, but it really needs better docs!

Is this for node.js projects? I thought it would be something for a client side project.

i dislike auth libraries directly messing up with db forcing particular table schema on apps but i keep seeing it in most auth libraries in typescript/js ecosystem.

Can you share your reasoning behind the tagline? It seems like a hard sell, which doesn't necessarily help the otherwise gorgeous looking website and solid-seeming API choices. Like;

  JWT-Based Authentication: We won’t support JWT-based auth unless provided by a third-party plugin.

Right there you've missed something that, say, next-auth covers natively + extensively. What kind of "comprehensiveness" are you targeting?

EDIT: Wow, just want to double down on the "gorgeous website" comment after clicking through your docs. Well done, inspiring work! Clear, concise, and eminently navigable.

I'm not a big fan. I think the advantages of rolling your own fully custom auth outweigh the simplicity of a plug-and-play framework like this.

Sure, there might be some use-cases and I can see why people might opt for it, but not me...

[flagged]