Modern Backend Frameworks 2025 — NestJS, Fastify, Hono, Elysia, Spring Boot, FastAPI, Go, Axum, tRPC, GraphQL, gRPC (S7 E2)

Prologue — the framework question is back

"Which backend framework?" feels like a 2015 question. But it's back — for real reasons:

• Edge and serverless demand cold-start-friendly designs: Hono, Elysia, Fastify matter again.
• TypeScript everywhere pulled backends away from Java/Python.
• Type-safe RPC (tRPC, gRPC, typed GraphQL) made "API contract" a first-class concern.
• AI APIs forced backends to stream SSE/WebSockets at scale.

Old favorites (Express, Django, Flask) still work. But if you're starting new in 2026, you have a better default.

1. TypeScript backends

NestJS

• Angular-flavored DI, modules, decorators.
• Fits teams coming from Spring.
• Monolith-to-microservice story strong. Good for enterprises, CRUD-heavy domains.
• Downsides: boilerplate, slower cold-start than Fastify/Hono.

Fastify

• The raw-speed Node framework. Schema-first (JSON Schema) is the killer feature — validation, serialization, and OpenAPI for free.
• Use when: REST APIs with schema validation, OpenAPI required, middleware ecosystem wanted.

Hono

• Edge-first. Runs on Cloudflare Workers, Bun, Deno, Node — one codebase.
• Handler-based, small API surface, zero deps.
• Use when: deploying to edge runtimes, SSR API routes, small services.

Elysia

• Bun-native. Type-level routing — routes become a TS type.
• Eden Treaty: tRPC-like end-to-end types without a separate schema.
• Fastest TS framework in raw benchmarks (on Bun).
• Use when: Bun shop, small/medium services, tight FE/BE type coupling.

Quick table

2. JVM — Spring Boot, Micronaut, Quarkus

Spring Boot

• Default for enterprise Java. Ecosystem unmatched: Spring Data, Security, Batch, Cloud.
• 2024–2025: virtual threads (Project Loom) via spring.threads.virtual.enabled — most reactive code becomes unnecessary.
• GraalVM native images drop cold-start to ~50ms.
• Downsides: JVM memory, slower dev loop than TS/Python.

Micronaut / Quarkus

• Startup-optimized alternatives. Compile-time DI and reflection-less design.
• Quarkus + GraalVM native is ~20MB / ~10ms startup — Lambda-friendly.

Use when

• Enterprise, regulated industries, mature teams, long-lived services.
• Spring Boot + Virtual Threads is a very good default in 2026.

3. Python — FastAPI, Litestar, Django Ninja

FastAPI

• ASGI + Pydantic v2. Automatic OpenAPI. Defacto Python web standard by 2023.
• 2024 V2: 5–10× faster validation than v1.
• Use when: AI/ML-adjacent services, rapid prototyping, Python data stack integration.

Litestar

• FastAPI-alike with more opinionated structure. Dependency injection first-class.
• Slightly faster benchmarks. Growing community.

Django Ninja

• FastAPI patterns inside Django.
• Use when: already on Django ORM/admin, need a clean REST layer.

Note

• Python 3.13 free-threaded (no-GIL) is experimental in 2025; don't bet production on it yet.

4. Go — Fiber, Echo, Chi, Gin, net/http

The net/http shift (Go 1.22+)

• Go's standard net/http got routing with methods and path params built-in. Many teams drop third-party routers.

Third-party

• Chi — minimal, idiomatic, middleware-friendly.
• Echo — full-featured, strong middleware.
• Fiber — Express-like API, fasthttp-based (NOT net/http-compatible).
• Gin — still popular for raw speed and community.

Use when

• High throughput, low latency, simple deployment.
• Kubernetes-native services.

5. Rust — Axum, Actix-web, Rocket

Axum

• Tokio + Tower ecosystem native. Handler style feels Go-ish.
• Macro-light, type-safe extractors, first-class serde.
• Default Rust web framework in 2025.

Actix-web

• Actor model origin, still the fastest in raw benchmarks.
• More complex error handling, less newcomer-friendly.

Use when

• Tier-1 performance needs, edge compute, WASM backends.
• Replacing Go in performance-critical paths.

6. API styles — REST, tRPC, GraphQL, gRPC

REST + OpenAPI

• Still the safest default. Cachable, observable, public APIs.
• 2025 tools: Scalar (docs), Redocly, Orval (codegen from OpenAPI), Hey API.

tRPC

• TS-only. End-to-end types without code generation.
• Use when: single-stack TS monorepo, Next.js + Node API.
• Not for: public APIs, polyglot consumers.

GraphQL

• Powerful client-driven queries, relationship-heavy domains.
• 2024–2025: Federation v2 mature, Apollo Router in Rust, Hasura/PostGraphile for database-first.
• Downsides: caching complexity, N+1 risk without Dataloader, overkill for CRUD.

gRPC / Connect

• Protobuf schemas, typed clients across languages. Connect-RPC gives HTTP + gRPC + gRPC-Web from one definition.
• Use when: internal service-to-service, polyglot microservices, streaming.

Quick picks

• Internal polyglot microservices → gRPC/Connect.
• Public API → REST + OpenAPI.
• TS monorepo with tight FE/BE coupling → tRPC.
• Relationship-rich data, many client shapes → GraphQL with Federation.

7. Validation and schemas — Zod, Valibot, ArkType

• Zod — default in TS land. Big, rich, ecosystem huge.
• Valibot — tree-shakable (tiny bundle for edge), Zod-compatible mental model.
• ArkType — TS type syntax for runtime validation.
• TypeBox — JSON Schema-first, Fastify's default.

Pick one across the stack — mixing is painful.

8. ORM / data layer

• Prisma — schema-first, great DX, v5 dropped Rust engine in some paths, TypedSQL for raw queries.
• Drizzle — SQL-first, edge-friendly (no engine binary), gaining fast.
• Kysely — query builder, no migrations.
• TypeORM / MikroORM — traditional ORM approach, less hype.
• Sequelize — legacy, avoid for new projects.
• Spring Data JPA / Hibernate — default on JVM.
• SQLAlchemy 2.0 — Python's default, async support solid.
• sqlc (Go) — generates typed code from SQL. Pragma of Go data layer.
• sqlx / SeaORM / Diesel (Rust) — pick based on compile-time checks vs ergonomics.

9. Auth — the 2025 landscape

• BetterAuth / Lucia v3 — TS-first auth libraries. Lucia v3 is now "deprecated, migrate to BetterAuth."
• Clerk / Auth0 / Stytch — managed auth.
• Keycloak — self-hosted, JVM.
• Supabase Auth — bundled with Supabase Postgres.
• NextAuth v5 (Auth.js) — Next-integrated.
• Passkeys (WebAuthn) went mainstream in 2024. SCIM + SSO expected for B2B.

10. Observability

• OpenTelemetry — the universal contract. All modern frameworks support OTel.
• Grafana + Prometheus + Tempo + Loki — OSS stack.
• Datadog / New Relic / Honeycomb — SaaS.
• Sentry / PostHog — for error + product analytics.

Rule: instrument traces at the framework layer, logs at the service layer, metrics at the system layer.

11. Background jobs

• BullMQ (Redis) — default in Node.
• Sidekiq — Ruby standard.
• Celery — Python standard, with Redis/RabbitMQ/SQS.
• Temporal — durable execution. Replaces cron + retry + state machines.
• Inngest / Trigger.dev — TS-friendly serverless job runners.
• pgmq — Postgres message queue when you want to avoid Redis.

Temporal is the 2025 pick for complex multi-step workflows.

12. Deployment — runtime + framework combos that "just work"

• Vercel + Next.js (or Hono) — zero-config, edge-friendly.
• Cloudflare Workers + Hono — lowest global latency.
• Railway / Render / Fly.io — container-style deploy for traditional frameworks.
• AWS Lambda + FastAPI (Mangum) / Spring Boot (GraalVM) — enterprise serverless.
• Kubernetes + anything — large teams, regulated environments.
• Bun + Elysia + Bun Deploy (2025) — newcomer watching.

13. Decision tree

Q1: Edge/serverless target?
├─ Yes: Hono (edge), Elysia (Bun), FastAPI (Lambda), Quarkus (native)
└─ No → Q2

Q2: TS monorepo, FE/BE tight?
├─ Yes: Next.js API / tRPC / Hono
└─ No → Q3

Q3: Enterprise Java/Kotlin, regulated?
├─ Yes: Spring Boot (+ Virtual Threads)
└─ No → Q4

Q4: High throughput / low latency critical?
├─ Yes: Go (Fiber/Echo/Chi) or Rust (Axum)
└─ No → Q5

Q5: Python data/AI-adjacent?
├─ Yes: FastAPI / Litestar
└─ No: NestJS or Fastify

12-item adoption checklist

1. Team language/runtime strengths mapped?
2. Cold-start budget defined?
3. Type sharing with frontend planned?
4. OpenAPI or schema source-of-truth picked?
5. ORM chosen considering scale/migrations?
6. Background job runner chosen?
7. Auth library decided (self-host vs managed)?
8. Observability stack integrated from day 1?
9. Rate limiting / abuse prevention layered in?
10. Local dev matches prod (Docker/Bun/Node parity)?
11. Testing strategy — unit + integration + contract?
12. Deployment pipeline automated, rollback tested?

10 common anti-patterns

1. Picking NestJS for a 500-line service "just in case."
2. Using GraphQL when 3 REST endpoints would do.
3. Ignoring cold-start on serverless — big framework + heavy DI.
4. Shared schemas stolen from frontend types (drift hell).
5. No schema validation at the edge (all errors surface as 500 later).
6. ORM lazy-loading in a loop — N+1 becomes 1000+1.
7. Long-lived DB connections in Lambda — connection storm.
8. Auth rolled from scratch — mistakes will happen.
9. No OpenAPI → no client codegen → manual fetch calls everywhere.
10. Deploying to Kubernetes "because we have Kubernetes" — often overkill.

Next episode

S7 E3 — Distributed Databases 2025: CockroachDB, Spanner, TiDB, Yugabyte, Aurora DSQL, Neon, PlanetScale, Turso, D1. How to pick, not a "best of."

— End of Modern Backend Frameworks.