/ tool-comparisons / Lucia vs Hanko for Solo Developers
tool-comparisons 10 min read

Lucia vs Hanko for Solo Developers

Comparing Lucia and Hanko for solo developers. Features, pricing, pros and cons, and which one to pick for your next project.

Hero image for Lucia vs Hanko for Solo Developers

Quick Comparison

Feature Lucia Hanko
Type Open-source auth library (JS/TS) Passkey-first auth platform (open source)
Latest version 3.2.2, last published October 2024, npm package deprecated Backend v2.5.0 (March 2026), hanko-elements 2.6.0 (April 2026)
Maintenance status Deprecated, now positioned as a learning resource Actively developed, latest backend commit May 2026
GitHub stars 10,466 8,939
npm downloads (last week) 203,729 (lucia) 4,419 (@teamhanko/hanko-elements)
Pricing Free and open source Self-hosted free, Cloud free up to 10,000 MAU, Pro $29/mo plus $0.01 per MAU over 10,000
Learning Curve Moderate-High Easy-Moderate
Best For Custom auth logic in JS/TS apps Modern passwordless authentication with passkeys
Solo Dev Rating 7/10 7/10

Lucia Overview

Lucia is an open-source auth library that provides session management and token handling as building blocks. You install the npm package, configure a database adapter, and build your auth flows using Lucia's functions. Registration, login, OAuth, password hashing, and middleware are your responsibility. Lucia handles the cryptographic layer and stays out of everything else.

The philosophy is ownership. Every line of auth code is in your codebase, using your database schema, following your rules. No external service calls during authentication, no monthly bills, no vendor dependency.

I built a side project with Lucia where I needed custom session attributes that no managed service supported. The library let me define exactly what sessions contained and how they expired. It took longer to set up than a managed service, but the end result was mine.

Hanko Overview

Hanko is an open-source authentication platform designed around passkeys and WebAuthn. Instead of passwords, users authenticate with biometrics: Face ID, Touch ID, or Windows Hello. Hanko provides web components (<hanko-auth>, <hanko-profile>) that render complete auth flows you drop into your frontend.

The backend is a Go server you can self-host or use via Hanko Cloud. It handles passkey registration, WebAuthn challenges, email passcode fallback, and user management. The web components are framework-agnostic and work with React, Vue, Svelte, or vanilla HTML.

I tried Hanko in a prototype and the user experience was impressive. Users register with a passkey, then future logins are a single biometric tap. No passwords to remember or type, no MFA codes. The convenience is genuine.

Key Differences

Auth approach. Lucia gives you building blocks for traditional auth: passwords, sessions, cookies. You can implement any auth pattern, but you build it yourself. Hanko gives you a complete passkey-first auth flow as a pre-built component. The approaches are fundamentally different. Lucia is a toolkit. Hanko is a solution.

Setup time. Hanko's web components can be added to a page in under an hour. Drop in <hanko-auth>, point it at your Hanko backend, and you have a working passkey login. Lucia takes several hours because you're building forms, handlers, middleware, and password logic from scratch. Hanko gets you to working auth much faster.

User experience. Hanko's passkey flow is genuinely better for end users. One biometric tap to log in. No password to remember, no reset emails, no 2FA codes. Lucia-based auth typically means traditional email/password forms, which users are familiar with but which aren't as smooth.

Flexibility. Lucia wins on flexibility. You can build any auth pattern: custom session schemas, unusual token logic, multi-step auth flows, or hybrid approaches that no opinionated platform supports. Hanko is opinionated about passkeys being the primary method. If you need traditional password auth or custom flows, Hanko isn't the right tool.

Self-hosting. Both are self-hostable and open source. Lucia runs as part of your Node.js app. Hanko runs as a separate Go server. Lucia adds zero infrastructure. Hanko adds one service (though it's lightweight compared to something like Keycloak).

Browser compatibility. Passkeys require WebAuthn support. Modern browsers handle it, but older browsers and some devices don't. Hanko provides email passcode fallback. Lucia-based password auth works everywhere. If your audience includes users on older browsers, traditional auth has wider compatibility.

Social login. Lucia requires you to implement OAuth flows using additional libraries. Hanko supports social providers through its backend configuration. Neither makes social login trivially easy, but Hanko handles the OAuth server-side so you don't write the flow code.

By the Numbers (2026)

The single most important fact for anyone choosing between these two in 2026 is that Lucia is no longer maintained as a library. The lucia npm package carries an official deprecation notice that points readers to a migration guide, and its latest release, version 3.2.2, was published in October 2024. The maintainer's conclusion was that the database-adapter model was too constraining for a low-level library, so Lucia has been repositioned as a learning resource that teaches you to implement sessions yourself rather than a dependency you install and rely on long term. Notably, the repository is not archived and still draws heavy traffic, with 10,466 GitHub stars and roughly 203,729 npm downloads in the last week, so plenty of existing apps still run on it. New downloads are mostly transitive or legacy installs rather than a sign of fresh adoption.

Hanko sits on the opposite side of that line. Its backend reached version 2.5.0 in March 2026, the frontend @teamhanko/hanko-elements package hit 2.6.0 in April 2026, and the repository shows commits as recently as late May 2026. It has 8,939 GitHub stars and around 4,419 weekly downloads of the elements package. The download gap looks large until you remember that Hanko's runtime is a self-hosted Go server or the managed Cloud, so the npm package is only the thin web-component layer, not the whole product.

Here are the verified figures side by side.

Metric Lucia Hanko
Latest version 3.2.2 (Oct 2024), package deprecated Backend v2.5.0 (Mar 2026), elements 2.6.0 (Apr 2026)
Primary language TypeScript Go (backend), TypeScript (web components)
GitHub stars 10,466 8,939
GitHub forks 525 1,014
npm downloads (last week) 203,729 4,419
Repository activity Last push July 2025 Last push May 2026
Self-hosted cost Free, open source Free, open source
Managed Cloud free tier None (no managed service) 10,000 MAU, 2 projects

Figures pulled from the GitHub and npm APIs and the Hanko pricing page on 2026-05-28. Star and download counts move daily, so treat them as a snapshot.

Real Cost at Solo-Dev Scale

Lucia is free in every direction because there is no managed service to bill you. Hanko is free to self-host but also offers Hanko Cloud, so the cost question only applies to the Cloud path. Here is what that path actually costs at a few realistic solo-dev workloads.

Hanko Cloud counts monthly active users, meaning people who authenticate at least once in a given month, not registered accounts that sit idle. The Starter tier is free up to 10,000 MAU. The Pro tier is $29 per month and includes the same 10,000 MAU, then charges $0.01 for each active user beyond that. Worked out at three scales:

  • 2,000 MAU side project. Free on the Starter tier. Monthly cost $0.
  • 9,500 MAU growing app. Still under the 10,000 cap, so free on Starter. Monthly cost $0. You would only move to Pro here if you wanted webhooks, the Admin API, or email and Slack support.
  • 40,000 MAU real product. Pro base of $29 covers the first 10,000, and the remaining 30,000 cost 30,000 times $0.01, which is $300. Total $329 per month, before the optional $49 per SAML connection.

Self-hosting the open-source Hanko backend skips all of that and costs only your server time, which for a single small Go service is a few dollars a month on a basic VPS. The Cloud math matters only if you would rather not run the server yourself. For a solo developer, the practical read is that Hanko Cloud is genuinely free until you have real traction, and Lucia carries no bill at any scale because you host the whole thing inside your own app. The cost difference is therefore close to nothing until you cross into tens of thousands of active users and choose the managed option to save yourself the ops work.

When to Choose Lucia

  • You need traditional password-based authentication
  • Custom session logic or non-standard auth flows are required
  • You want zero additional infrastructure (just a library in your app)
  • Full control over every aspect of the auth implementation matters
  • Your audience includes users on older browsers or devices

When to Choose Hanko

  • You want the best possible login experience for users (passkeys)
  • Passwordless authentication aligns with your product vision
  • A pre-built auth component that you drop into your frontend is appealing
  • You're building a new product and can go passwordless from day one
  • Eliminating password-related support tickets and security risks matters

The Verdict

Lucia and Hanko solve authentication differently. Lucia gives you a toolkit for building traditional auth exactly how you want it. Hanko gives you a modern passkey-first flow in a pre-built component. The right choice depends on what kind of auth experience you want to deliver.

For solo developers building a product where user experience is a differentiator, Hanko is worth the bet on passkeys. The login flow is noticeably better, and passwordless eliminates an entire category of security problems. The technology is production-ready in modern browsers.

For solo developers who need traditional auth, custom flows, or the widest possible device compatibility, Lucia provides the flexibility to build exactly what you need. It's more work, but the result is entirely under your control.

My recommendation: if you're starting a new consumer product today and your users have modern devices, try Hanko. The UX improvement from passkeys is real and measurable. If you need traditional auth or have complex requirements, Lucia gives you the building blocks without vendor lock-in. One honest caveat to weigh in 2026, though, is that the Lucia package is now deprecated and treated as a learning resource, so reaching for it today means adopting the pattern by hand rather than installing a maintained dependency. That tradeoff is fine if ownership is the whole point, but it is worth knowing before you start.

Sources

All figures checked on 2026-05-28.

Built by Kevin

Like this? You'll like what I'm building too.

Two ways to support and get more of this work.

Desktop App

HEARTH

A privacy-first Life OS for your desktop. Journal, tasks, and notes that stay on your machine. Coming soon, direct download from this site.

Read more
Digital Products

MY TOOLKITS

Receipts-first toolkits for shipping after hours, building Claude agents, publishing on Amazon, and more. The exact methods I used, not theory.

Browse on Whop

Need This Built?

Kevin builds products solo, from first version to live. If you want something like this made, work with him.