Skip to main content
RapidDev - Software Development Agency
No-Code to Code Migrations11 min readShut down

Migrating Basetool to Code: The Complete Playbook (2026)

Basetool (Apache 2.0 Next.js) has had no meaningful activity since ~2022 — no security patches, no dependency updates. Your data was always external (Postgres, MySQL); nothing to export from Basetool itself. The Apache 2.0 source code is readable and serves as your migration spec. This is the architecturally simplest migration in this group: same Next.js target, data already external, 4–8 weeks typical timeline.

4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members

Time-sensitive migration

Shut down

Open-source (Apache 2.0) Next.js internal-tool framework; repo (github.com/basetool-io/basetool) shows no meaningful activity since ~2022; last copyright '© 2021 Basetool Inc.' No security patches, no maintenance. Fine as a reference codebase; do not run new or existing deployments on it in any security-sensitive context.

Start with the pre-migration checklist

Migration snapshot

Shut down

Platform

a Basetool

Open-source (Apache 2.0) Next.js internal-tool framework; repo (github.com/basetool-io/basetool) shows no meaningful activity since ~2022; last copyright '© 2021 Basetool Inc.' No security patches, no maintenance. Fine as a reference codebase; do not run new or existing deployments on it in any security-sensitive context.

Typical timeline

4–8 weeks

Typical cost

$13K–$25K (agency, fixed)

Why teams leave a Basetool

Basetool has been effectively abandoned since ~2022. There is no shutdown deadline, but running unmaintained software in production accumulates CVE exposure every month. The migration case is a security and maintenance obligation, not a platform failure.

Zero maintenance since ~2022

No security patches, no dependency updates, no bug fixes. Every month of continued operation adds CVE exposure from unmaintained npm packages — a risk that scales with how business-critical the app is.

Apache 2.0 is a migration asset

The codebase is Apache 2.0 — you legally own the running code. You can fork it, read it, and use it as a migration specification. This is an unusual advantage: most proprietary internal-tool builders offer no such transparency.

Next.js-based architecture

Basetool is a Next.js application. Your migration target (Next.js + Supabase) is architecturally adjacent. Developers familiar with Next.js can read the Basetool source directly; there is no framework translation cost.

Data was always yours

Basetool acted as a proxy to your own data sources (Postgres, MySQL, etc.); it did not store your data. Your databases are intact and fully under your control — there is no data extraction step.

Planned enterprise features never shipped

SSO and audit logs were listed as 'planned' in historical documentation. They never shipped. If your compliance requirements include SSO or audit logs, Basetool never delivered them and the new build will need to add them fresh.

What can you actually take with you?

Your data is already external and fully accessible. The Basetool source code (Apache 2.0) is readable as a spec. There is no app-definition export because the source itself is your specification.

AssetCan you export it?HowNotes
DataYesBasetool acted as a proxy to your own data sources; your Postgres/MySQL databases are intact and fully under your controlNo extraction step needed; just reconnect existing databases to the new app
CodeYesBasetool source is Apache 2.0 and readable on GitHub (github.com/basetool-io/basetool); use as a spec document and referenceThis is NOT a maintained codebase to run in production — use it as a specification, not a starting point
Design/UIPartialBasetool is a Next.js app with React components; UI patterns are readable in the Apache 2.0 sourceAdapt, do not copy; unmaintained dependencies in the source carry their own risks
Logic/WorkflowsPartialQuery logic and permission config readable in source codeAdapt to your new stack rather than porting verbatim
Users & AuthPartialUser config may be in Basetool's own database if self-hosted; extract the user list before decommissioningPassword hash export not documented; users will need a password reset on the new platform

Swipe the table sideways to see the full breakdown.

Where each piece moves in code

Basetool is a Next.js app connecting to your own databases — the migration to Next.js + Supabase is architecturally the same pattern, just maintained.

a Basetool

Basetool (Next.js proxy to your DB)

In code

Next.js app with direct Supabase or Drizzle queries — essentially the same architecture, maintained

Read the Basetool Apache 2.0 source to understand the query patterns; replicate in Drizzle/Supabase

a Basetool

Basetool data-source connections (Postgres, MySQL)

In code

Supabase client or Drizzle ORM connecting to the same databases

Your data sources are unchanged; just update the connection layer

a Basetool

Basetool tables, views, and filters

In code

shadcn/ui DataTable with TanStack Table

TanStack Table handles sorting, filtering, pagination — matches Basetool's data grid patterns

a Basetool

Basetool permission control (per-user/team)

In code

Supabase RLS + role column on users table

Map existing permission model to RLS policies; source code documents the permission logic

a Basetool

Basetool CSV export feature

In code

Server-side CSV generation in a Next.js Route Handler

Standard papaparse or native string generation in a Route Handler

a Basetool

Basetool self-host (Docker or Vercel)

In code

Vercel + Supabase (existing Vercel deploy path already familiar)

If running on Vercel already, the deployment tooling is identical

a Basetool

Basetool UI layout and components

In code

Tailwind CSS with shadcn/ui; source is readable for reference

Use Basetool UI patterns as design reference; rebuild with maintained component library

The migration roadmap

Four phases: read the source and inventory what you have, build the foundation, port per-resource pages, and cut over quickly to minimize time running unmaintained code.

1

Source Audit & Inventory

3–5 days
  • Run npm audit on your Basetool installation to quantify current CVE exposure
  • Clone the GitHub repo as a spec reference (Apache 2.0)
  • List every data source connection and verify credentials are still current
  • Extract user list from Basetool's internal database before any decommission
  • Document every page/view and the query logic behind it

Watch out: Run npm audit before starting — the output gives you the security argument for timeline urgency and prevents surprises mid-migration

2

Foundation Setup

1 week
  • Provision Supabase; configure connections to your existing Postgres/MySQL databases
  • Set up Next.js (App Router), Tailwind, shadcn/ui
  • Implement user table with role column and Supabase RLS policies
  • Configure Supabase Auth; plan user password reset flow
3

Per-Resource Page Migration

2–4 weeks
  • Build one Next.js page per Basetool table/view using source code as specification
  • Implement DataTable with TanStack Table for each resource (sorting, filtering, pagination)
  • Port query logic from Basetool source to Drizzle or Supabase queries
  • Add CSV export Route Handler if used
4

Cutover

2–3 days
  • Perform forced password reset for all users
  • Validate parity against the running Basetool instance (or screenshots if already decommissioned)
  • Decommission Basetool immediately — do not run in parallel longer than necessary
  • Monitor Supabase logs for query errors in the first 48 hours

Watch out: Set a hard cutover date; every additional week running unmaintained code extends security exposure

Three ways to migrate — honestly

Every path has a real trade-off. Here is what each costs, how long it takes, and where it bites.

DIY (with AI tools)

$0–500 + time

4–8 weeks part-time

Fits

Technical founders or developers comfortable with Next.js; Basetool's architecture is already familiar; data is external so no data migration complexity

Risks

Permission model reconstruction and user extraction are easy to underscope; SSO requirements (if Basetool never delivered them) add fresh implementation cost

Freelancer

$3K–8K

4–6 weeks

Fits

Apps with clear resource inventory and no SSO/audit log requirements; best when the Basetool source clearly documents the query logic

Risks

Freelancers unfamiliar with Basetool may not know to read the Apache 2.0 source as a spec; specify this in the brief

Agency (RapidDev)

Done-for-you

$13K–25K fixed

4–8 weeks

Fits

Teams with security audit findings requiring immediate timeline, compliance requirements (SSO, audit logs) that Basetool never delivered, or customer-facing portals built on Basetool

Risks

Higher upfront cost; justified when security urgency or compliance features make open-ended freelancer scope risky

The real risks — and how to defuse them

Security exposure during transition

Mitigation: Run npm audit immediately; restrict Basetool access to internal network only during the migration window; set a hard cutover date and treat every week of delay as a security liability

Dependency chain CVEs

Mitigation: Do not extend the migration timeline trying to patch Basetool; migrate to a maintained stack instead. Patches on an abandoned codebase create a false sense of security

User list recovery

Mitigation: Extract user list from Basetool's internal database (if self-hosted) before decommissioning; this is the only data stored in Basetool itself

Missing planned features in new build

Mitigation: SSO and audit logs were never shipped in Basetool; add these to the new build scope explicitly if compliance requires them — do not assume they will be 'easier' than the main migration

Should you actually migrate?

Migrating is a real project. Sometimes staying is the right call — here is the honest split.

Stay if

  • Your Basetool instance is internal-only (not internet-facing) and your security team has not flagged unmaintained dependencies in any audit
  • The app is rarely used and migration cost genuinely outweighs the risk at this moment — freeze access and plan a migration within 6 months
  • You are actively planning migration and need a few weeks to complete the source audit before starting

Migrate if

  • Your security team has flagged unmaintained dependencies or any CVE audit has returned findings
  • You need features Basetool never shipped (SSO, audit logs, advanced RBAC) for compliance or team growth
  • You are scaling the number of users or business criticality of the tool beyond a small internal ops team

Our honest verdict

Basetool is the easiest migration in this group: same architecture (Next.js), data already external, Apache 2.0 source as a readable spec. The only real risk is security exposure from unmaintained dependencies — the goal is to reduce that window, not eliminate it perfectly.

Do this today: pre-migration checklist

Whatever path you choose, protect yourself first. Work through this before you touch a line of code.

Run npm audit on your Basetool installation to quantify current CVE exposure

The audit output gives you the security argument for timeline urgency and tells you how exposed you are right now

Extract the user list from Basetool's internal database before any decommission

User data stored in Basetool's own database is the only asset that requires extraction — everything else is in your external data sources

Confirm all external data sources (Postgres, MySQL) are accessible and credentials are current

If connection credentials have rotated since Basetool was configured, discover this now rather than mid-migration

Read the Basetool GitHub source (Apache 2.0) to document the query logic your app uses

The source is your spec; understanding the query patterns before building saves significant rework

Clone the repo locally as a spec reference before you build the replacement

GitHub repos can be archived or deleted; having a local copy of the Apache 2.0 source ensures access throughout the migration

Set a hard date for cutover and treat every week of delay as a security liability

There is no natural deadline forcing action; the discipline of a fixed cutover date prevents indefinite delay while security exposure accumulates

Frequently asked questions

Can I export my Basetool app code?

Basetool is Apache 2.0 — the source code is publicly available on GitHub (github.com/basetool-io/basetool). This is your migration spec. There is no proprietary app-definition export because the source itself documents everything the platform does. Do not copy it into production — use it as a reference.

Is my data safe if Basetool is abandoned?

Yes. Basetool acted as a proxy to your own data sources (Postgres, MySQL); it never stored your source data. Your databases are intact, credentials still work, and no extraction step is needed. The only data in Basetool's own database is user accounts — extract those before decommissioning.

How long does migrating from Basetool take?

Typically 4–8 weeks — the shortest estimate in this category. Basetool is a Next.js app and your migration target is Next.js + Supabase: same architecture, data already external. The main variables are the number of resource pages and whether you need to add features (SSO, audit logs) that Basetool never delivered.

Is Basetool still maintained?

No. The GitHub repo (github.com/basetool-io/basetool) shows no meaningful activity since approximately 2022 and the last copyright reads '© 2021 Basetool Inc.' There have been no security patches or dependency updates in over three years. The software runs but accumulates CVE exposure with every passing month.

What happens to my users when I migrate off Basetool?

Users stored in Basetool's own database need a forced password reset on the new platform — password hashes are not documented as exportable. Extract the user list (name, email, role) from Basetool's internal database before decommissioning. Communicate the reset flow to users in advance.

Can I just fork Basetool and keep running it?

Technically yes — it is Apache 2.0. But forking and patching an abandoned codebase without a maintainer is ongoing ops burden. You would be responsible for all security patches across its entire dependency tree. In most cases, migrating to a maintained Next.js + Supabase stack is faster and more sustainable than maintaining a Basetool fork.

Can RapidDev migrate our Basetool instance?

Yes. RapidDev offers fixed-price Basetool migrations ($13K–$25K, 4–8 weeks), including adding features Basetool never shipped (SSO, audit logs, RBAC). Book a free scoping call to count your resource pages and confirm the timeline.

What should I use instead of Basetool?

Two paths: (1) Custom code — Next.js + Supabase with shadcn/ui is architecturally identical to what Basetool was doing, just maintained; (2) Open-source builder — Appsmith CE (Apache 2.0, no user cap) or Budibase CE (GPL v3) offer maintained drag-drop builders with active development. The custom code path is recommended if your team has Next.js familiarity.

RapidDev

We migrate no-code apps to production code

  • Fixed price — $13K–$25K (agency, fixed)
  • No data loss, no downtime
  • You own 100% of the code
Get a fixed-price quote

30-min call. Quote within 48 hours.

Your next step

Still weighing your options?

Talk to a team that ships on all of these platforms. A free consultation gets you an honest recommendation for your specific project — even if the answer is a tool, not us.

Book a free consultation

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.