RepoJournal
Supabase

@supabase

The open-source Firebase alternative powering thousands of startups

Pick a date

  1. Sat 2 may
  2. Mon 4 may
  3. Tue 5 may
  4. Wed 6 may
  5. Thu 7 may
  6. Fri 8 may
  7. Sat 9 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

SUPABASE TIGHTENS RLS SECURITY, SHIPS GRAPHIQL V5 OVERHAUL

By RepoJournal · Filed · About Supabase

Supabase is forcing security-first UX by making the RLS enable banner impossible to dismiss without action, while simultaneously shipping a cleaner GraphQL IDE built on GraphiQL 5.

The RLS auto-enable prompt is no longer a throw-away toast [1] — it's now a persistent banner that users can minimize but never truly dismiss until they've explicitly handled row-level security. This is a deliberate friction point. You can't build an insecure database by accident anymore. That same security obsession shows up in the GraphQL Studio, where [2] GraphiQL got bumped to v5 with a simpler prebuilt component replacing the previous heavily-customized rebuild. You trade some layout flexibility for maintainability; role impersonation moved into the sidebar plugin system. The table editor header is getting a refresh [4] — components are breaking down into smaller, reusable pieces (`IndexAdvisorPopover`, `SecurityDefinerViewPopover`, `RealtimeToggle`) and the header is deprecating the older `useUrlState` hook in favor of `useQueryState`. On the marketing side, Supabase shipped zero JSON-LD structured data on supabase.com until now [3] — that's gone, with a new typed schema builder module that lets Google and AI assistants properly parse Supabase as a first-class entity across homepage, products, and blog. Finally, the design system got more flexible [5] with richer Admonition support — success states, description-only callouts, and cleaner title-only usage that stops floating headings from looking disconnected.

Action items

References

  1. [1] Shift auto enable rls to a minimisable banner instead (#45410) supabase/supabase
  2. [2] [FE-2075] feat(studio): bump graphiql to v5 and use prebuilt component (#45404) supabase/supabase
  3. [3] feat(www): add JSON-LD structured data to homepage, products, and blog ↗ supabase/supabase
  4. [4] Clean up table editor header (#45452) supabase/supabase
  5. [5] chore(studio + design-system): more flexible Admonition ↗ supabase/supabase

FAQ

What changed in Supabase on May 2, 2026?
Supabase is forcing security-first UX by making the RLS enable banner impossible to dismiss without action, while simultaneously shipping a cleaner GraphQL IDE built on GraphiQL 5.
What should Supabase teams do about it?
Review RLS implementation in existing projects — the banner won't let users skip it anymore • Test GraphiQL v5 in your studio instance; role impersonation now lives in sidebar • Update internal links and documentation to reference new Admonition types
Which Supabase repositories shipped on May 2, 2026?
supabase/supabase

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.