The Vendor Lock-In Dilemma: Are Netlify and Vercel Worth the Risk?
Should we be avoiding services like Netlify, Vercel, and Cloudflare? In my opinion, mostly no. We shouldn't be avoiding them because they're all incredible platforms. However, a recent article highlighted an important aspect to consider when deploying your application, a consideration that holds true for any service we use: the idea of vendor lock-in.
The Rise of Abstraction in Web Development
The way we've progressed in web development has led to the creation of various services to handle different tasks for us. We often discuss using Cloudinary for images, Clerk for authentication, Sentry for error tracking and alerting, or Zeta for a database. All of these solutions offer powerful abstractions, but they do come with a degree of vendor lock-in. It's something to consider.
An interesting article I came across started by referencing a powerful statement: every dependency is a potential vulnerability. When we think about dependencies within the JavaScript ecosystem, everything we build has tons of them. It's fascinating to consider how installing one package can install over 100+ other packages. This is just the way we work now, often without thinking about the sheer volume of code we're adding to our codebase, which could contain potential vulnerabilities or other issues. A core idea to mitigate this is to use vanilla JavaScript as much as possible.
The Appeal of Managed Platforms
This brings us to platforms like Netlify, Cloudflare, and Vercel. They are often recommended to clients and students because they offer a ton of features that make development faster and easier than building out your own infrastructure. This is definitively true. If I have an application that can be hosted on one of these platforms, I'm probably going to do that. AWS Amplify is another exciting option in this space.
Any of these options provide abstractions that let you connect to a GitHub repo, and they handle the deployment process for you. They take care of creating API endpoints, API routes, and serverless functions. The amount of value these platforms offer is immense.
For instance, they offer serverless functions that let you run server-side code without managing a server. This has been a huge game-changer, enabling the ability to build and deploy a full-stack application for free in recent years, which is truly wild. Cloudflare Workers even offers a database, allowing you to read and write to long-term storage. The number of features they provide is almost ridiculous.
When Services Are Great... Until They Aren't
But these services are great, until they aren't.
The Risk of Outages
The first point of concern is the possibility of an outage. My take on this is that it's far more likely for me to configure my own infrastructure incorrectly or fail to set up an automatic server restart than it is for a major platform like Netlify, Cloudflare, or Vercel to go down. If those services are having issues, it's a much larger problem for the web as a whole. From a vendor lock-in perspective, I'm less worried about this because I believe they manage infrastructure better than I ever could myself. This could, of course, be different for larger companies with more specialized expertise.
The Surprise Bill
Another concern is a sudden increase in fees or a comically large surprise bill. There was a notable online post where a user claimed, "Netlify sent me a $104,000 bill for a simple static site." I've seen examples of this happening on Netlify, Vercel, and Cloudflare. While this is not the norm and usually indicates something went wrong, it's a possibility. However, almost all of these services now allow you to set a spending cap. For a personal website, my cap would be around $5 or $10. This feature helps mitigate the risk significantly. Furthermore, if you're running your own infrastructure, you could still write code that racks up a huge bill on your raw server provider. So, this concern feels less critical.
The Core Issue: Vendor Lock-In
This brings us back to vendor lock-in. It's definitely true that when one provider handles your hosting, automated deployments, microservices, serverless APIs, and provides your database through a proprietary API, migrating to another platform becomes expensive and complex.
For example, a benefit of AWS Amplify is that if you're building all your other services within AWS, everything works together seamlessly in one place. This is a huge advantage, but it also comes with lock-in, or at least a significant effort to move elsewhere.
However, I don't see this as a major concern because almost everything we do involves some level of lock-in. If you're using a database with proprietary APIs, moving to another database will naturally be difficult. We often have an idealistic view that we should be able to move our code anywhere and use any database. In reality, we rarely have to make that decision, and we rarely expect such a migration to be perfectly seamless.
What's the Alternative?
So, what is the big alternative? The main option is to run your own Virtual Private Server (VPS), pay a small monthly fee, and deploy whatever you want. But then you have to consider the work involved in setting up your own automated deployments, configuring builds based on pushes to a Git repo, and implementing error tracking and alerting. If you're not using a dedicated service for that, how effective are your own solutions? How skilled are you at restarting services or debugging complex issues?
Honestly, I believe these managed services will do an infinitely better job at all of those things than I could for myself.
The conversation around vendor lock-in is valuable. Do you see strong limitations in working with services like Netlify, Cloudflare, Vercel, or AWS? Does it cause hesitation on your end? And what is your preferred alternative for building something without vendor lock-in?
Ultimately, I think vendor lock-in exists almost everywhere. The best approach is to build your project with what works for you, keep these considerations in mind, and focus on creating something great.
Join the 10xdev Community
Subscribe and get 8+ free PDFs that contain detailed roadmaps with recommended learning periods for each programming language or field, along with links to free resources such as books, YouTube tutorials, and courses with certificates.