Auth & Security
Authentication, app security and consent/compliance.
Auth is the first thing I wire up on anything with users, and the easiest thing to get subtly wrong — so I lean on dedicated tools rather than rolling my own.
Overview
I treat authentication, in-app security, and consent as three separate concerns. Auth is handled by a managed provider so I'm not storing passwords or reinventing session handling. Security at the edge — rate limiting and bot protection — is its own layer. And consent/compliance is a drop-in I add when the app sets cookies that need a banner.
Tools
Clerk
My auth default — and what gates the Morpha CLI's pro registry. Drop-in components plus a real API.
Arcjet
Rate limiting, bot protection and basic WAF rules, in-app and close to my routes.
c15t
Open-source cookie consent and compliance when the app needs a real banner.
My pick
Clerk is the default and it's not close — it's what authenticates the Morpha CLI and gates the pro registry (see the CLI page). I add Arcjet on anything public-facing where abuse is a real risk, and reach for c15t only when compliance actually requires a consent flow rather than bolting one on reflexively.