May 2026 Summaries
5 posts from Supabase
Filter
Month:
Year:
Post Summaries
Back to Blog
Supply chain attacks on Node Package Manager (NPM) are on the rise, with attackers using methods like typosquatting and build pipeline compromises to infiltrate trusted packages and gain access to sensitive credentials. A notable example includes a phony package mimicking Supabase, which was quickly taken down by npm after being reported. In response, Supabase has launched a coordinated effort to enhance security, including publishing a security guide, hardening GitHub Actions, and educating users. The text outlines common patterns of such attacks and suggests several mitigation strategies, such as updating to pnpm 11, pinning package versions, committing lockfiles, and disabling npm install scripts to prevent unauthorized code execution. It emphasizes the importance of verifying package names and maintaining strict control over GitHub Actions to reduce exposure. The closing advice suggests that while these attacks are becoming more frequent and lucrative, effective defenses are available and should be employed proactively to protect systems.
May 26, 2026
1,922 words in the original blog post.
Supabase has been integrated as an official app within ChatGPT, allowing users to manage their Supabase database infrastructure through conversational commands. This integration enables users to execute SQL queries, modify table schemas, deploy edge functions, and manage branches directly within ChatGPT without switching contexts. The app offers 29 tools that cover database management, project operations, branching, migrations, and edge functions. Users can also search Supabase documentation and pair the app with ChatGPT Projects to streamline project-specific conversations by setting up a project reference. The app is compatible with all Supabase plans and paid ChatGPT plans, and new users can start with a free Supabase account to connect and manage projects through ChatGPT by simply describing their needs.
May 09, 2026
282 words in the original blog post.
Supabase has launched a new package, @supabase/server, in public beta to streamline server-side development by eliminating repetitive setup code for Edge Functions, Cloudflare Workers, Hono, and Bun. The package provides a pre-configured SupabaseContext, which includes user-scoped and admin clients, JWT verification, and auth metadata, simplifying the process of setting up authentication and request contexts. Developers can utilize the withSupabase wrapper for automatic handling of auth, client creation, and CORS, enabling them to focus on business logic without managing shared utility files or environment variables. The package supports various runtime environments and offers composable primitives for advanced use cases, facilitating smooth transitions to new API keys and enhancing project security. As a result, developers can implement consistent patterns across functions, making it easier for both humans and AI agents to produce correct code. The package is compatible with multiple frameworks and runtimes, with full documentation available on GitHub, and feedback is encouraged to improve its API surface and address any edge cases.
May 07, 2026
1,909 words in the original blog post.
Supabase offers two distinct tools, Realtime and ETL, each designed to handle different aspects of database change tracking and data movement. Realtime is geared towards delivering instantaneous updates to client applications, making it ideal for live user experiences such as chat applications and collaborative editing, by broadcasting changes over WebSocket connections. However, it does not guarantee the delivery of every change if a connection is lost. In contrast, Supabase ETL is a change-data-capture pipeline designed for reliable data movement to analytical systems like BigQuery, ensuring every database change is captured and delivered, even if there are interruptions. ETL uses a permanent replication slot to ensure at-least-once delivery, capturing and storing data changes for analytical purposes by batching data with configurable parallelism. Both tools leverage logical replication from Postgres but serve different end goals; Realtime focuses on immediate, live user updates while ETL emphasizes comprehensive and reliable data transfer for analytics, making them complementary rather than interchangeable depending on the application requirements.
May 06, 2026
1,798 words in the original blog post.
Supabase has introduced Branching 2.0, enabling database branching without the need for Git integration, making it the default for all new projects. Previously, branching required connecting a GitHub repository to track migrations via version control, which worked well for teams managing database schema as code but excluded those who didn't use GitHub. Now, users can create branches directly from the Supabase Dashboard, make changes using the SQL or Table Editor, review schema differences, and merge, all without Git configuration. This new method complements the existing Git-based workflow, allowing users to switch between or combine both approaches depending on their needs. The update includes pg-delta, a new schema diffing engine that provides accurate migration statements for Postgres objects, replacing migra as the default for dashboard branching. The branching system is also designed to support AI workflows by enabling programmatic schema iteration and management without Git involvement.
May 05, 2026
692 words in the original blog post.