Gathering detailed insights and metrics for @supabase/supabase-js
Gathering detailed insights and metrics for @supabase/supabase-js
An isomorphic Javascript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse typescript examples, invoke postgres functions via rpc, invoke supabase edge functions, query pgvector.
Installations
npm install @supabase/supabase-jsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
20.19.1
NPM Version
10.8.2
Score
97
Supply Chain
99
Quality
99.8
Maintenance
100
Vulnerability
99.6
License
Releases
344
Languages
3
TypeScript
HTML
JavaScript
TypeScript (90.15%)
HTML (5.31%)
JavaScript (4.54%)
Developer
Download Statistics
Total Downloads
60,924,125
Last Day
219,099
Last Week
2,085,589
Last Month
8,510,415
Last Year
43,837,582
GitHub Statistics
MIT License
3,813 Stars
879 Commits
395 Forks
59 Watchers
16 Branches
153 Contributors
Updated on Jul 07, 2025
Bundle Size
114.30 kB
Minified
29.49 kB
Minified + Gzipped
Maintainers
14
Package Meta Information
Latest Version
2.50.3
Package Id
@supabase/supabase-js@2.50.3
Unpacked Size
241.83 kB
Size
52.84 kB
File Count
76
NPM Version
10.8.2
Node Version
20.19.1
Published on
Jul 02, 2025
Total Downloads
Cumulative downloads
Total Downloads
60,924,125
Last Day
-17.2%
219,099
Compared to previous day
Last Week
-5.8%
2,085,589
Compared to previous week
Last Month
12.5%
8,510,415
Compared to previous month
Last Year
280.2%
43,837,582
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
supabase-js - Isomorphic JavaScript Client for Supabase.
- Documentation: https://supabase.com/docs/reference/javascript/start
- TypeDoc: https://supabase.github.io/supabase-js/v2/
Usage
First of all, you need to install the library:
1npm install @supabase/supabase-js
Then you're able to import the library and establish the connection with the database:
1import { createClient } from '@supabase/supabase-js'
2
3// Create a single supabase client for interacting with your database
4const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key')UMD
You can use plain <script>s to import supabase-js from CDNs, like:
1<script src="https://cdn.jsdelivr.net/npm/@supabase/supabase-js@2"></script>
or even:
1<script src="https://unpkg.com/@supabase/supabase-js@2"></script>
Then you can use it from a global supabase variable:
1<script> 2 const { createClient } = supabase 3 const _supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key') 4 5 console.log('Supabase Instance: ', _supabase) 6 // ... 7</script>
ESM
You can use <script type="module"> to import supabase-js from CDNs, like:
1<script type="module"> 2 import { createClient } from 'https://cdn.jsdelivr.net/npm/@supabase/supabase-js/+esm' 3 const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key') 4 5 console.log('Supabase Instance: ', supabase) 6 // ... 7</script>
Deno
You can use supabase-js in the Deno runtime via JSR:
1import { createClient } from 'jsr:@supabase/supabase-js@2'
Custom fetch implementation
supabase-js uses the cross-fetch library to make HTTP requests, but an alternative fetch implementation can be provided as an option. This is most useful in environments where cross-fetch is not compatible, for instance Cloudflare Workers:
1import { createClient } from '@supabase/supabase-js'
2
3// Provide a custom `fetch` implementation as an option
4const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key', {
5 global: {
6 fetch: (...args) => fetch(...args),
7 },
8})Testing
Unit Testing
1pnpm test
Integration Testing
1supabase start 2pnpm run test:integration
Badges
No vulnerabilities found.
Reason
23 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/supabase/supabase-js/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:247
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:287
- Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 8 out of 10 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:25
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More