We’ve been keeping a private tally for two years: every production incident across every project we’ve shipped, tagged by what caused it. The pattern is depressingly consistent — new, exciting technology choices cause incidents at roughly 4x the rate of boring, well-trodden ones.
That tally is why our default stack in 2026 is so unfashionable. Here’s what we reach for, and the reasoning per layer.
The stack, layer by layer
Frontend: Next.js + TypeScript + Tailwind
Next.js does server rendering, client rendering, static rendering, image optimization, routing, and form actions in one framework with one mental model. Tailwind keeps the CSS contained inline so refactors don’t leave dead styles behind. TypeScript because it’s 2026 and untyped JavaScript at scale is a regret.
Not picking: SvelteKit (smaller ecosystem when you need a niche library), Remix (great, but the team converged with Next), bespoke SPAs with custom routing (you’ll rebuild Next badly).
Database: Postgres
It has JSON, full-text search, row-level security, time-series support, geospatial support, and a 30-year track record. Most “we need MongoDB” conversations end with “oh, jsonb does that.” Most “we need Elasticsearch” conversations end with “oh, tsvector does that.”
Use a managed Postgres — RDS, Neon, Supabase, Cloud SQL. The hours you’d spend running Postgres yourself are better spent on your product.
Backend: Node.js + TypeScript (with Fastify or Next API)
Same language as the frontend = shared types, shared validation schemas, one mental model for your team. Node is fast enough for 99% of workloads. The 1% where it isn’t, you know who you are — pick Go or Rust for that specific service.
Auth: a third-party (Auth0, Clerk, WorkOS)
Rolling your own auth in 2026 is a footgun. Identity providers handle SSO, MFA, SCIM, audit logs, breach detection — all of which you’d build worse and slower in-house. Pay the $0.05 per MAU and ship your product.
Hosting: Vercel / Fly / Render / AWS
Pick based on traffic predictability. Spiky / global → Vercel. Steady server-heavy workloads → Fly or Render. Enterprise compliance requirements → AWS with a thin IaC layer (Pulumi or Terraform). Don’t pick Kubernetes unless you have a platform team to operate it.
Background jobs: BullMQ on Redis, or Inngest
BullMQ if you want full control and don’t mind the operational burden of Redis. Inngest if you’d trade a bit of vendor coupling for retries, scheduling, and observability you didn’t have to write.
Email: Postmark or AWS SES
Postmark for transactional ease and great deliverability. SES if you already live in AWS and want lower pricing at scale. Don’t SMTP through your own server.
Observability: Sentry + a structured log sink
Sentry for application errors. Datadog / Axiom / Logtail for structured logs. Honestly, most products under 1M MAU can run Sentry + AWS CloudWatch and be fine. Build the observability you need, not the observability your favorite tech-talk recommends.
Things we deliberately don’t use by default
- GraphQL.REST + Zod-typed clients gives most of the benefit. GraphQL is great when you have many clients and many backends; for a SaaS with one frontend, it’s overhead.
- Microservices. See our modular-monolith piece for why.
- Kubernetes. Hosted platforms (Vercel/Fly/Render) handle the same jobs without the platform-engineer headcount.
- Custom CSS frameworks.Tailwind plus a handful of components is enough; we don’t need to invent design tokens we’ll regret.
- ORMs that hide SQL. Prisma is fine; Drizzle is fine; raw SQL is also fine. ORMs that abstract too aggressively tend to bite you on the queries that matter.
The principle behind the picks
Pick technology that has been in production for 10+ years and has a thriving community right now. That’s the sweet spot — mature enough that the sharp edges are documented, alive enough that you’ll get answers when you hit a problem.
New technology is a bet that you’ll save more time than you’ll spend debugging novel issues. That bet pays off about 1 in 5 times. Boring stack means you’re placing the bet only when there’s a real, measurable win to chase — not because it’s on the front page of Hacker News.
How we approach this
This boring stack is the default for our SaaS Product Development and MVP engagements. We bring exotic technology in when there’s a specific reason — ML inference, sub-millisecond latency, hardware integration — and never because we’re bored.
Takeaways
- Mature tech causes ~4x fewer incidents than recently-trendy tech.
- Default: Next.js + TS + Postgres + Node + managed hosting + 3rd-party auth.
- Don’t use Kubernetes, microservices, or GraphQL unless you have a documented reason.
- Boring isn’t conservatism — it’s capital preservation for the bets that matter.
