Package evidence

@supabase/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 18
First published: May 2026
Publisher: dswbx

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@supabase/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@supabase/[email protected]"],"fail_on":"review"}'

Publisherdswbx

Artifact bytes912,159

Previous version0.4.1-next.4

Published2026-06-17T15:22:29.520Z

SHA-2567905b696182e2ab1a607ba6c59b0812319c0be7b626840bc8c4dbf3955e4c0ab

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

14h agoLast checked

lowRisk

0Score

0.5.0Version

Status history (1 event)

new → available14h ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts51

buildbun run build.ts
build:allbun run build:static && bun run build.ts --types --minify
build:staticvite build
cliLOCAL=1 bun src/cli/index.ts
debug:bunbun run --hot dev/debug.ts
debug:nodetsx --watch dev/debug.ts
devvite
dev:bunbun run --hot dev/bun/bun.dev.ts
docs:generatebun run internal/extract.ts
formatbiome format --write .
lintbiome check --write .
postpackbun run internal/package-readme.ts cleanup
prepackbun run internal/package-readme.ts prepare
prepublishOnlynpm whoami && bun run typecheck && bun run test && bun run build:all && bun run smoke:pack -- --no-build
release:canaryecho "PR previews publish through GitHub Actions > Preview Package using pkg.pr.new." && exit 1
release:minorecho "Use GitHub Actions > Release with version_specifier=minor." && exit 1
release:nextecho "Use GitHub Actions > Release Next from develop." && exit 1
release:patchecho "Use GitHub Actions > Release with version_specifier=patch." && exit 1
smoke:packbun run internal/smoke-pack.ts
testbun test --bail
test:allbun run test:low && bun run vitest && bun run test:spec:status && bun run test:spec:auth && bun run test:spec:storage
test:coveragebun test --bail --coverage --coverage-reporter=text --coverage-reporter=lcov
test:gotrueGOTRUE_TEST_SUITE=1 bun test auth/gotrue-suite.postgres.test.ts
test:lowbun run test/run-low-memory.ts
test:phenotype:storagebun run test:spec:storage:postgres
test:postgrestbun test postgrest/suite/postgres.test.ts
test:spec:analyzebun run test/supabase-spec/rest/analyze.ts
test:spec:analyze:pglitebun run test/supabase-spec/rest/analyze.ts --backend=pglite
test:spec:analyze:postgresbun run test/supabase-spec/rest/analyze.ts --backend=postgres
test:spec:analyze:sqlitebun run test/supabase-spec/rest/analyze.ts --backend=sqlite
…and 21 more.

Dependencies17

@commander-js/extra-typings^14.0.0
@electric-sql/pglite0.4.5
@hono/node-server^1.19.9
@sentry/node^10.51.0
@supabase/pg-delta1.0.0-alpha.10
@vercel/detect-agent^1.2.3
bcryptjs^3.0.3
chokidar^5.0.0
commander^14.0.3
dotenv^17.3.1
kysely^0.28.11
kysely-generic-sqlite^1.2.1
kysely-postgres-js^3.0.0
libpg-query17.7.3
pgsql-deparser17.18.3
pgsql-parser17.9.15
uuid^13.0.0