Release history

I audited my own back ends on 5 BaaS releases

No immediate action
v1.0.0-action New feature

Supabase security action

v0.2.0 Feature
Notable features
  • realtime_publication_no_rls (CRITICAL)
  • anonymous_signins_enabled (HIGH)
  • weak_password_policy (MEDIUM)
Full changelog

Added 5 new checks:

  • realtime_publication_no_rls (CRITICAL)
  • anonymous_signins_enabled (HIGH)
  • weak_password_policy (MEDIUM)
  • no_captcha_on_auth (MEDIUM)
  • function_no_search_path (MEDIUM)

Total checks: 11. Same single-file install, no deps.

v0.1.0 New feature
Notable features
  • Detects RLS leaks, SECURITY DEFINER functions, public buckets, default privileges issues, and unsafe auth configurations
  • Generates HTML report with copy-paste fix SQL
Full changelog

First release. Detects RLS leaks, exposed SECURITY DEFINER functions, public buckets, default privileges issues, and unsafe auth config. Outputs HTML report with copy-paste fix SQL.

Found 17 leaky tables on my own production app while testing — see README for the case study.

Install:

git clone https://github.com/Perufitlife/supabase-security-skill
cd supabase-security-skill
SUPABASE_ACCESS_TOKEN=sbp_xxx node scripts/audit.js <project-ref> --html report.html

Beta — feedback welcome: [email protected]