We counted every backend-as-a-service dependency across 12,095 Opus 4.7 repos. The result is a near-monoculture.
BaaS usage counts
| Service | Repos using | Share of corpus |
|---|---|---|
| Supabase | 578 | 4.8% |
| Auth libraries (NextAuth/Clerk/Better-Auth) | 177 | 1.5% |
| Vercel SDK | 163 | 1.3% |
| Firebase / Firestore | 162 | 1.3% |
| Neon Database | 44 | 0.4% |
| tRPC | 17 | 0.1% |
Supabase beats Firebase by 3.5×, and leads every other BaaS by a wider margin. When Opus 4.7 picks a managed backend, it picks Supabase.
Why Supabase wins
Three reasons stand out from the data:
1. Postgres + Auth + Storage in one SDK
The @supabase/supabase-js client is a single import that covers DB, auth, storage, realtime. Opus 4.7 is biased toward minimizing dependency surface — one library over three is a clear win.
2. It plugs into Next.js trivially
Supabase publishes @supabase/ssr and example patterns for Next.js App Router. Since Opus 4.7’s default frontend is Next.js App Router (shown in earlier post), the path of least resistance is Supabase.
Look at the top imports:
- @/lib/supabase/server — appears 3,278 times
- @/lib/supabase/client — appears in hundreds of repos as a companion
The @/lib/supabase/... path is the canonical Next.js + Supabase scaffolding. Its presence in thousands of files shows Opus 4.7 reproduces this pattern reliably.
3. Row-Level Security is model-friendly
Supabase’s RLS policies live as SQL in migration files. An AI model handles declarative SQL better than it handles imperative auth middleware. The model can generate and reason about RLS — it can’t as easily generate and reason about passport.authenticate(...) middleware chains.
What Firebase offers that Supabase doesn’t
Firebase still appears in 162 Opus 4.7 repos — it’s not dead, just second place. Firebase wins when:
- The repo is a mobile app (React Native / Expo / Flutter) — Firebase’s mobile SDKs are more mature
- The backend is purely NoSQL / document-oriented
- The team needs Google’s real-time sync patterns
But for the majority of Opus 4.7’s output (full-stack TypeScript web apps), Supabase is the default.
Auth-library layer
177 repos import an explicit auth library (NextAuth, Clerk, Better-Auth, or similar). Some overlap with Supabase users — Supabase handles auth natively, so adding NextAuth on top is redundant. This 177 count reflects repos that either don’t use Supabase or use NextAuth as the session adapter over a Supabase backend.
tRPC’s absence
Only 17 repos use tRPC. Given tRPC’s prominence in the “modern TypeScript full-stack” discourse, this is striking.
The Opus 4.7 explanation: it defaults to Next.js Server Actions + Zod validation for type-safe client-server calls. That’s:
- Zero extra dependencies (server actions ship with Next.js)
- Less boilerplate than tRPC routers
- Zod for input validation (3,191+ imports) gives the type-safety benefit
When generative AI picks between an architectural library and language-native primitives, it tends to prefer the primitives. tRPC is a casualty.
Takeaway
If your agent or generator should produce code that feels at home in the Opus 4.7 corpus:
default DB + auth + storage: @supabase/supabase-js + @supabase/ssr
default validation: zod
default API pattern: Next.js Server Actions + Route Handlers
default deployment target: Vercel (with Vercel SDK for storage/KV if needed)
That’s the 2026 “boring modern stack” as Opus 4.7 understands it.
Numbers refresh every 30 min from the live Repobility index.