Building a web application often feels like a trade-off. You either go with a "batteries-included" framework like Laravel but sacrifice raw performance, or you pick a minimalist tool like Express.js but spend hours wiring up folders, auth, and database connections.
This past weekend, I decided to stop choosing. I built Kuppa.js, an opinionated, high-performance framework built on top of Express.js, specifically optimized for the Supabase ecosystem.
Why Kuppa.js?
The goal was simple: Developer Experience of Laravel + Raw Speed of Node.js.
Express.js is famous for being unopinionated. It’s just a blank canvas. Kuppa.js turns that canvas into a structured environment. It tells you where your migrations go, how your controllers should look, and comes with Supabase Auth baked in by default. It moves Express from a library to a real framework.
The "Brutal" Benchmark: Kuppa vs. Laravel
I didn't want to just claim it’s fast. I ran an Apache Benchmark (ab) with 5,000 requests and a concurrency level of 100 on my local machine.
The Setup:
- Laravel: Serving a static home page (No DB, No Auth).
- Kuppa.js: Serving a home page with Active Database Session & Auth Check.
The Results:
| Metric | Laravel (Static) | Kuppa.js (Auth + DB) |
|---|---|---|
| Requests per Second | 63.00 #/sec | 1,043.53 #/sec |
| Avg. Latency | 1,587 ms | 95 ms |
| Success Rate | 100% | 100% |
Kuppa.js outperformed Laravel by 17x, even while doing the heavy lifting of checking authentication. This is the power of a non-blocking I/O combined with a lightweight, opinionated structure.
Key Features
- Opinionated Structure: No more "Where should I put this file?" questions. Standardized Models, Controllers, and Core logic.
- Supabase Native: Deep integration for Database and Auth out of the box.
- CLI Driven: Manage your database with custom commands like
kuppa migrateandkuppa db. - Security First: Database inspections are handled via custom PostgreSQL functions with
SECURITY DEFINERto ensure the CLI is powerful but safe.
A Weekend Project Gone Open Source
Kuppa.js started as a "home weekend project" to scratch my own itch. It’s now open source because I believe there's a middle ground for developers who love the Supabase stack but miss the structure of a real framework.
It’s still in its early stages, but the foundation is rock solid.
What's Next? Bridging DX and Hardened Security
The core is ready, but a framework is only as good as its stability. My next focus for Kuppa.js is to maximize the developer experience without compromising on security:
- Strict Security Layer: Implementing a standardized validation layer (via Zod/Joi) to ensure every input is sanitized before it even touches the Supabase RPC.
- Advanced CLI Generators: Expanding the CLI to not only generate boilerplate but also scaffold secure-by-default controllers and models with built-in error handling.
- Enhanced Database Inspection: Improving the
kuppa dbutility to provide deeper insights into Row Level Security (RLS) policies and PostgreSQL performance bottlenecks. - Automated API Documentation: Auto-generating Swagger/OpenAPI specs directly from your Kuppa routes to make frontend integration seamless.
Check out the project here:
https://github.com/dnysaz/kuppa-app
Start :
npx create-kuppa my-kuppa-app
I’m building Kuppa.js to be the go-to for devs who want Laravel’s productivity with Node.js’s performance. I’d love to hear your thoughts—especially on how you handle security in high-performance environments.
Critiques are welcome. If you see any bottlenecks in how I handle the Supabase RPC or have suggestions on making the security layer even tighter, please let me know. I'm building this to be a production-ready framework, and your feedback is crucial to making that happen.
Top comments (0)