RepoJournal
Supabase

@supabase

The open-source Firebase alternative powering thousands of startups

Pick a date

  1. Sat 2 may
  2. Mon 4 may
  3. Tue 5 may
  4. Wed 6 may
  5. Thu 7 may
  6. Fri 8 may
  7. Sat 9 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

SUPABASE HARDENS AI STORAGE GUIDANCE, CLI SHEDS LAST GO BINARIES

By RepoJournal · Filed · About Supabase

The Assistant now blocks dangerous RLS patterns on public buckets while the CLI completes its TypeScript migration, eliminating the final Go proxy layer.

Supabase shipped a critical update to its AI Assistant that teaches it to recognize and block overly permissive RLS policies on storage buckets [1]. Public buckets with broad read access can accidentally expose sensitive data like profile pictures or private files; the new evals catch this before deployment and guide users toward restrictive patterns. This closes a gap where developers could unknowingly grant world-readable access to bucket contents. Meanwhile, the analytics SQL safety series crossed the finish line [2], with every analytics query now flowing through branded SafeLogSqlFragment inputs. On the CLI front, three major command families completed their TypeScript port: network-bans [3], vanity-subdomains [5], and snippets [6], eliminating the last Go proxy handlers that powered Phase 0 operations. Version 2.102.0 [4] also restored shell completion in legacy environments and silenced CI identity spam. The CLI is now native TypeScript end-to-end.

Action items

References

  1. [1] feat(ai): judge tool inputs, add storage guidance and permissive RLS evals (#46168) supabase/supabase
  2. [2] feat(logs): brand remaining analytics SQL callers with SafeLogSqlFragment (#46476) supabase/supabase
  3. [3] feat(cli): migrate network bans (#5382) supabase/cli
  4. [4] v2.102.0 ↗ supabase/cli
  5. [5] feat(cli): migrate vanity-subdomains ↗ supabase/cli
  6. [6] feat(cli): port snippets commands to native TypeScript ↗ supabase/cli

FAQ

What changed in Supabase on May 30, 2026?
The Assistant now blocks dangerous RLS patterns on public buckets while the CLI completes its TypeScript migration, eliminating the final Go proxy layer.
What should Supabase teams do about it?
Update Supabase CLI to 2.102.0 to get native TypeScript commands and shell completion fixes • Review storage bucket RLS policies in production; check Assistant guidance for restrictive patterns • Monitor Analytics logs for any queries; all paths now use SafeLogSqlFragment
Which Supabase repositories shipped on May 30, 2026?
supabase/supabase, supabase/cli

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.