Lucia vs Hanko for Solo Developers
Comparing Lucia and Hanko for solo developers. Features, pricing, pros and cons, and which one to pick for your next project.
Quick Comparison
| Feature | Lucia | Hanko |
|---|---|---|
| Type | Open-source auth library (JS/TS) | Passkey-first auth platform (open source) |
| Latest version | 3.2.2, last published October 2024, npm package deprecated | Backend v2.5.0 (March 2026), hanko-elements 2.6.0 (April 2026) |
| Maintenance status | Deprecated, now positioned as a learning resource | Actively developed, latest backend commit May 2026 |
| GitHub stars | 10,466 | 8,939 |
| npm downloads (last week) | 203,729 (lucia) | 4,419 (@teamhanko/hanko-elements) |
| Pricing | Free and open source | Self-hosted free, Cloud free up to 10,000 MAU, Pro $29/mo plus $0.01 per MAU over 10,000 |
| Learning Curve | Moderate-High | Easy-Moderate |
| Best For | Custom auth logic in JS/TS apps | Modern passwordless authentication with passkeys |
| Solo Dev Rating | 7/10 | 7/10 |
Lucia Overview
Lucia is an open-source auth library that provides session management and token handling as building blocks. You install the npm package, configure a database adapter, and build your auth flows using Lucia's functions. Registration, login, OAuth, password hashing, and middleware are your responsibility. Lucia handles the cryptographic layer and stays out of everything else.
The philosophy is ownership. Every line of auth code is in your codebase, using your database schema, following your rules. No external service calls during authentication, no monthly bills, no vendor dependency.
I built a side project with Lucia where I needed custom session attributes that no managed service supported. The library let me define exactly what sessions contained and how they expired. It took longer to set up than a managed service, but the end result was mine.
Hanko Overview
Hanko is an open-source authentication platform designed around passkeys and WebAuthn. Instead of passwords, users authenticate with biometrics: Face ID, Touch ID, or Windows Hello. Hanko provides web components (<hanko-auth>, <hanko-profile>) that render complete auth flows you drop into your frontend.
The backend is a Go server you can self-host or use via Hanko Cloud. It handles passkey registration, WebAuthn challenges, email passcode fallback, and user management. The web components are framework-agnostic and work with React, Vue, Svelte, or vanilla HTML.
I tried Hanko in a prototype and the user experience was impressive. Users register with a passkey, then future logins are a single biometric tap. No passwords to remember or type, no MFA codes. The convenience is genuine.
Key Differences
Auth approach. Lucia gives you building blocks for traditional auth: passwords, sessions, cookies. You can implement any auth pattern, but you build it yourself. Hanko gives you a complete passkey-first auth flow as a pre-built component. The approaches are fundamentally different. Lucia is a toolkit. Hanko is a solution.
Setup time. Hanko's web components can be added to a page in under an hour. Drop in <hanko-auth>, point it at your Hanko backend, and you have a working passkey login. Lucia takes several hours because you're building forms, handlers, middleware, and password logic from scratch. Hanko gets you to working auth much faster.
User experience. Hanko's passkey flow is genuinely better for end users. One biometric tap to log in. No password to remember, no reset emails, no 2FA codes. Lucia-based auth typically means traditional email/password forms, which users are familiar with but which aren't as smooth.
Flexibility. Lucia wins on flexibility. You can build any auth pattern: custom session schemas, unusual token logic, multi-step auth flows, or hybrid approaches that no opinionated platform supports. Hanko is opinionated about passkeys being the primary method. If you need traditional password auth or custom flows, Hanko isn't the right tool.
Self-hosting. Both are self-hostable and open source. Lucia runs as part of your Node.js app. Hanko runs as a separate Go server. Lucia adds zero infrastructure. Hanko adds one service (though it's lightweight compared to something like Keycloak).
Browser compatibility. Passkeys require WebAuthn support. Modern browsers handle it, but older browsers and some devices don't. Hanko provides email passcode fallback. Lucia-based password auth works everywhere. If your audience includes users on older browsers, traditional auth has wider compatibility.
Social login. Lucia requires you to implement OAuth flows using additional libraries. Hanko supports social providers through its backend configuration. Neither makes social login trivially easy, but Hanko handles the OAuth server-side so you don't write the flow code.
By the Numbers (2026)
The single most important fact for anyone choosing between these two in 2026 is that Lucia is no longer maintained as a library. The lucia npm package carries an official deprecation notice that points readers to a migration guide, and its latest release, version 3.2.2, was published in October 2024. The maintainer's conclusion was that the database-adapter model was too constraining for a low-level library, so Lucia has been repositioned as a learning resource that teaches you to implement sessions yourself rather than a dependency you install and rely on long term. Notably, the repository is not archived and still draws heavy traffic, with 10,466 GitHub stars and roughly 203,729 npm downloads in the last week, so plenty of existing apps still run on it. New downloads are mostly transitive or legacy installs rather than a sign of fresh adoption.
Hanko sits on the opposite side of that line. Its backend reached version 2.5.0 in March 2026, the frontend @teamhanko/hanko-elements package hit 2.6.0 in April 2026, and the repository shows commits as recently as late May 2026. It has 8,939 GitHub stars and around 4,419 weekly downloads of the elements package. The download gap looks large until you remember that Hanko's runtime is a self-hosted Go server or the managed Cloud, so the npm package is only the thin web-component layer, not the whole product.
Here are the verified figures side by side.
| Metric | Lucia | Hanko |
|---|---|---|
| Latest version | 3.2.2 (Oct 2024), package deprecated | Backend v2.5.0 (Mar 2026), elements 2.6.0 (Apr 2026) |
| Primary language | TypeScript | Go (backend), TypeScript (web components) |
| GitHub stars | 10,466 | 8,939 |
| GitHub forks | 525 | 1,014 |
| npm downloads (last week) | 203,729 | 4,419 |
| Repository activity | Last push July 2025 | Last push May 2026 |
| Self-hosted cost | Free, open source | Free, open source |
| Managed Cloud free tier | None (no managed service) | 10,000 MAU, 2 projects |
Figures pulled from the GitHub and npm APIs and the Hanko pricing page on 2026-05-28. Star and download counts move daily, so treat them as a snapshot.
Real Cost at Solo-Dev Scale
Lucia is free in every direction because there is no managed service to bill you. Hanko is free to self-host but also offers Hanko Cloud, so the cost question only applies to the Cloud path. Here is what that path actually costs at a few realistic solo-dev workloads.
Hanko Cloud counts monthly active users, meaning people who authenticate at least once in a given month, not registered accounts that sit idle. The Starter tier is free up to 10,000 MAU. The Pro tier is $29 per month and includes the same 10,000 MAU, then charges $0.01 for each active user beyond that. Worked out at three scales:
- 2,000 MAU side project. Free on the Starter tier. Monthly cost $0.
- 9,500 MAU growing app. Still under the 10,000 cap, so free on Starter. Monthly cost $0. You would only move to Pro here if you wanted webhooks, the Admin API, or email and Slack support.
- 40,000 MAU real product. Pro base of $29 covers the first 10,000, and the remaining 30,000 cost 30,000 times $0.01, which is $300. Total $329 per month, before the optional $49 per SAML connection.
Self-hosting the open-source Hanko backend skips all of that and costs only your server time, which for a single small Go service is a few dollars a month on a basic VPS. The Cloud math matters only if you would rather not run the server yourself. For a solo developer, the practical read is that Hanko Cloud is genuinely free until you have real traction, and Lucia carries no bill at any scale because you host the whole thing inside your own app. The cost difference is therefore close to nothing until you cross into tens of thousands of active users and choose the managed option to save yourself the ops work.
When to Choose Lucia
- You need traditional password-based authentication
- Custom session logic or non-standard auth flows are required
- You want zero additional infrastructure (just a library in your app)
- Full control over every aspect of the auth implementation matters
- Your audience includes users on older browsers or devices
When to Choose Hanko
- You want the best possible login experience for users (passkeys)
- Passwordless authentication aligns with your product vision
- A pre-built auth component that you drop into your frontend is appealing
- You're building a new product and can go passwordless from day one
- Eliminating password-related support tickets and security risks matters
The Verdict
Lucia and Hanko solve authentication differently. Lucia gives you a toolkit for building traditional auth exactly how you want it. Hanko gives you a modern passkey-first flow in a pre-built component. The right choice depends on what kind of auth experience you want to deliver.
For solo developers building a product where user experience is a differentiator, Hanko is worth the bet on passkeys. The login flow is noticeably better, and passwordless eliminates an entire category of security problems. The technology is production-ready in modern browsers.
For solo developers who need traditional auth, custom flows, or the widest possible device compatibility, Lucia provides the flexibility to build exactly what you need. It's more work, but the result is entirely under your control.
My recommendation: if you're starting a new consumer product today and your users have modern devices, try Hanko. The UX improvement from passkeys is real and measurable. If you need traditional auth or have complex requirements, Lucia gives you the building blocks without vendor lock-in. One honest caveat to weigh in 2026, though, is that the Lucia package is now deprecated and treated as a learning resource, so reaching for it today means adopting the pattern by hand rather than installing a maintained dependency. That tradeoff is fine if ownership is the whole point, but it is worth knowing before you start.
Sources
All figures checked on 2026-05-28.
- Lucia GitHub repository (stars, forks, last push): https://github.com/lucia-auth/lucia
- Lucia npm package, version 3.2.2 and deprecation notice: https://registry.npmjs.org/lucia/latest
- Lucia npm weekly downloads: https://api.npmjs.org/downloads/point/last-week/lucia
- Lucia v3 migration guide (the resource the deprecation notice points to): https://lucia-auth.com/lucia-v3/migrate
- Hanko GitHub repository (stars, forks, last push): https://github.com/teamhanko/hanko
- Hanko backend releases (v2.5.0, March 2026): https://github.com/teamhanko/hanko/releases
- Hanko elements npm package, version 2.6.0 and weekly downloads: https://registry.npmjs.org/@teamhanko/hanko-elements/latest
- Hanko Cloud pricing (Starter free up to 10,000 MAU, Pro $29 plus $0.01 per MAU): https://www.hanko.io/pricing
- Hanko Startup Plan (1 million MAU free, application required): https://www.hanko.io/startup-plan
Like this? You'll like what I'm building too.
Two ways to support and get more of this work.
HEARTH
A privacy-first Life OS for your desktop. Journal, tasks, and notes that stay on your machine. Coming soon, direct download from this site.
Read moreMY TOOLKITS
Receipts-first toolkits for shipping after hours, building Claude agents, publishing on Amazon, and more. The exact methods I used, not theory.
Browse on WhopRelated Articles
Angular vs HTMX for Solo Developers
Comparing Angular and HTMX for solo developers. Features, pricing, pros and cons, and which one to pick for your next project.
Angular vs Qwik for Solo Developers
Comparing Angular and Qwik for solo developers. Features, pricing, pros and cons, and which one to pick for your next project.
Angular vs SolidJS for Solo Developers
Comparing Angular and SolidJS for solo developers. Features, pricing, pros and cons, and which one to pick for your next project.