Perufitlife

Open-source Supabase security auditor: detects RLS-disabled tables, public buckets, exposed SECURITY DEFINER functions. Active anonymous probe confirms each leak with the anon key.

Found May 10, 2026 at 10 stars.
JavaScript
AI Summary

A free local tool that scans Supabase projects for common security vulnerabilities like exposed tables and public storage, generating shareable HTML reports with one-click copy fixes.

How It Works

1. 🔍 Discover the Supabase security checker

You hear about big security changes coming to Supabase that could leave your data exposed, so you find this free tool to scan your project and spot risks.

2. 📥 Grab the checker

You get the tool from its page – either run it online in a web playground or download it to your computer for full privacy.

3. 🔗 Link your project

From your Supabase dashboard, you copy a personal access token and give the tool your project ref so it knows which project to check.

4. Launch the scan

Hit go, and the tool quietly checks your tables, files, and settings for leaks that anyone holding the public anon key could exploit – all on your machine.

5. 📊 View your report

Open the colorful web report that lists issues by danger level, like critical leaks or weak spots, with simple explanations.

6. 🛠️ Apply easy fixes

Copy the ready-to-paste instructions from the report and run them in your Supabase SQL editor to lock everything down tight.

Project secured!

Your Supabase project is now protected from data leaks, ready for the new rules, and you can share the report with your team.

AI-Generated Review

What is supabase-security-skill?

This Node.js CLI audits Supabase projects for security leaks like RLS-disabled tables, public storage buckets, and anon-executable SECURITY DEFINER functions. It pulls your project ref and personal access token to query the database and API, then spits out an HTML report with severity scores, live proof from anon-key probes, and copy-paste SQL fixes. Solves the headache of manual checks ahead of Supabase's 2026 RLS enforcement on all projects.

Why is it gaining traction?

Unlike SaaS auditors that hold your token, this runs entirely locally—zero data leaves your machine—and it is a free, MIT-licensed open-source Supabase tool with CI hooks for GitHub Actions workflows. Active probes actually fetch data via the anon key to confirm leaks rather than just flagging metadata, and a one-click "copy all SQL" button bundles the fixes. It stands out for open-source Supabase projects that need quick, shareable reports without subscriptions.
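The three finding types the review lists can be reproduced directly against the Postgres catalogs, as an added example that is not the repo's own code; it assumes Supabase's standard anon role, that PostgREST exposes the public schema, and Supabase's storage.buckets table, and uses angle-bracket placeholders in the commented fixes.

```sql
-- Added example (not the repo's own code): catalog checks that mirror the
-- auditor's three findings, each followed by the fix it calls for.
-- Run in the Supabase SQL editor (postgres role); placeholders in <...>.

-- 1. Tables in the exposed public schema that anon can read with RLS
--    disabled: PostgREST serves every row to anyone holding the anon key.
SELECT n.nspname AS schema, c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')                  -- ordinary and partitioned tables
  AND n.nspname = 'public'
  AND NOT c.relrowsecurity                     -- RLS not enabled
  AND has_table_privilege('anon', c.oid, 'SELECT');

-- Fix: enabling RLS with no policies denies anon until you add policies.
-- ALTER TABLE public.<table_name> ENABLE ROW LEVEL SECURITY;

-- 2. SECURITY DEFINER functions the anon role may execute. These run with
--    the owner's privileges, so RLS on the tables they touch does not apply.
SELECT n.nspname AS schema,
       p.proname AS function_name,
       pg_get_function_identity_arguments(p.oid) AS args
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_function_privilege('anon', p.oid, 'EXECUTE');

-- Fix: new functions are EXECUTE-able by PUBLIC by default, so revoke both.
-- REVOKE EXECUTE ON FUNCTION public.<function_name>(<args>) FROM PUBLIC, anon;

-- 3. Buckets flagged public: every object is downloadable without a token.
SELECT b.id, b.name, b.created_at
FROM storage.buckets b
WHERE b.public = true;

-- Fix: make the bucket private, then grant access via storage.objects policies.
-- UPDATE storage.buckets SET public = false WHERE id = '<bucket_id>';
```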

Who should use this?

Supabase backend devs auditing legacy projects with default anon grants, teams hardening before the 2026 deadline, or ops folks scanning storage and auth configs in CI pipelines. Ideal for self-hosted open-source Supabase setups or anyone comparing the security gaps between self-hosted and cloud Supabase.

Verdict

Grab it if you're on Supabase—10 stars and 1.0% credibility score scream alpha, with gaps like no per-object storage scans, but solid docs and zero deps make it a no-brainer for one-off audits. Test on a real project; fixes real leaks fast.
