Automic Vault

brew / Protected-tool coverage / Rank 841

Install supabase

Review install paths, executables, metadata, and security notes for supabase in AI agent workflows.

agent safety

Agent safety answer

supabase CLI manages hosted projects, databases, functions, and local dev state.

Credential access

Reads Supabase tokens, database passwords, env files, and project config.

Remote mutation

Can deploy functions, run migrations, and change project state.

Publish/artifact risk

Publishes functions, migrations, and generated API artifacts.

Recommended control

Gate deploy, db push, secrets, link, and token commands.

Agent-use guidance

Allow local status and generation; require approval for remote database or function changes.

Installation

Install with Automic Vault

Automic Vault
sudo av install brew:supabase

macOS

Homebrew · verified · 100%
brew install supabase

local Homebrew formula metadata

Windows

Scoop · verified · 92%
scoop install main/supabase

Scoop official bucket manifest trees · bucket/supabase.json · source: api.github.com

Platform notes

  • No package-specific platform notes were available.

Overview

Package summary

Postgres development platform

Commands and aliases

  • supabase

Protected-tool coverage

Trivially Accessible Supabase Tokens

Supabase CLI stores access tokens in the macOS Keychain through go-keyring, which creates items through `/usr/bin/security`. Those items allow `/usr/bin/security` to read the token non-interactively. Our isotope builds a signed Supabase CLI and replaces the Go credential backend on macOS so new Keychain items trust the Supabase executable instead of the security tool.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependency.

Local README excerpt

Automic Vault Fork Notes

This repository is the Automic Vault fork of Supabase CLI.

Automic Vault is a macOS-first secret and execution control system that keeps sensitive credentials behind explicit human approval in the Automic Vault GUI app instead of exposing them directly to terminal tools.

This fork currently adds the following behavior on top of upstream supabase/cli:

  • A protected tool:supabase package recipe that builds and signs both the Bun/TypeScript supabase launcher and the Go supabase-go helper.
  • Direct macOS Keychain access from the signed supabase-go binary instead of github.com/zalando/go-keyring shelling out to /usr/bin/security, so Keychain trust is attached to the Supabase executable.
  • A macOS-only automicvault Go build tag for the secure credential backend, while default upstream builds continue to use go-keyring.
  • A hazard detector for insecure Supabase CLI installs, including the plaintext fallback token at ~/.supabase/access-token and Keychain ACLs that allow /usr/bin/security to read Supabase secrets.
  • A hidden supabase-go av-migrate command used by the Automic Vault protected tool migration hook to rewrite insecure Keychain items and move fallback access tokens into the signed Supabase credential backend.
  • Test seams that keep the credential tests deterministic without touching the user's real Keychain.

Source: local coverage notes

Coverage source

Source excerpt

Caveats

  • Existing insecure Supabase CLI Keychain items and plaintext fallback access tokens are migrated when the isotope migration runs.
  • This currently replaces the Homebrew core supabase formula.

Executables

Installed executables

Command | Type | Visibility | Note
supabase | cli | global executable |

Freshness

Version and freshness

These signals separate the age of page generation, package-manager activity, and upstream release comparison. Version lag is reported only when an evidence URL and comparable versions are available.

Page generated: 2026-06-10
Manager version: 2.105.0
Manager updated: 2026-06-05
Local data: ok
Upstream: not checked
Latest detected version: not detected

https://supabase.com/docs/reference/cli/about

Installation metadata

Package metadata

Package key: brew:supabase
Version: 2.105.0
Package manager: Homebrew
Package manager page: https://formulae.brew.sh/formula/supabase
Homepage: https://supabase.com/docs/reference/cli/about
Repository: https://github.com/supabase/cli
Upstream docs: https://supabase.com/docs/guides/local-development/cli/getting-started
License: MIT
Source archive: https://registry.npmjs.org/supabase/-/supabase-2.105.0.tgz
Last updated: 2026-06-05T17:13:10Z
Pulse: updated
Dependencies: node
Bottle: available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install: not defined
Service: none declared

registry facts

Source database details

Source Database: Homebrew formula API
Tap: homebrew/core
Full Name: supabase
Version Scheme: 0
Revision: 0
Bottle Stable Root URL: https://ghcr.io/v2/homebrew/core
Deprecated: no
Disabled: no
Keg Only: no
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Scoop · 95%

main/supabase

scoop install main/supabase
  • normalized package name match
  • Matched by: Supabase
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/supabase.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

Source trail

Generated from repository data

This page is served by av-web from the private package SQLite artifact that scripts/generate-pkg-sqlite.py creates.

Sources used

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • external package-manager database matches
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest