Automic Vault

brew / protected tool coverage / rank 841

Install supabase

See the installation paths, executables, metadata and security notes for supabase for AI agent workflows.

agent safety

Agent safety answer

supabase CLI manages hosted projects, databases, functions, and local dev state.

Credential access

Reads Supabase tokens, database passwords, env files, and project config.

Remote mutation

Can deploy functions, run migrations, and change project state.

Publish/artifact risk

Publishes functions, migrations, and generated API artifacts.

Recommended control

Gate deploy, db push, secrets, link, and token commands.

Agent-use guidance

Allow local status and generation; require approval for remote database or function changes.

installation

Install with Automic Vault

Automic Vault
sudo av install brew:supabase

macOS

Homebrew · verified · 100%
brew install supabase

local Homebrew formula metadata

Windows

Scoop · verified · 92%
scoop install main/supabase

Scoop official bucket manifest trees · bucket/supabase.json · source: api.github.com

Platform notes

  • No package-specific platform notes were present.

overview

Package summary

Postgres development platform

Commands and aliases

  • supabase

protected tool coverage

Trivially Accessible Supabase Tokens

Supabase CLI stores access tokens in the macOS Keychain through go-keyring, which creates items through `/usr/bin/security`. Those items allow `/usr/bin/security` to read the token non-interactively. Our isotope builds a signed Supabase CLI and replaces the Go credential backend on macOS so new Keychain items trust the Supabase executable instead of the security tool.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependency.

Local README excerpt

Automic Vault Fork Notes

This repository is the Automic Vault fork of Supabase CLI.

Automic Vault is a macOS-first secret and execution control system that keeps sensitive credentials behind explicit human approval in the Automic Vault GUI app instead of exposing them directly to terminal tools.

This fork currently adds the following behavior on top of upstream supabase/cli:

  • A protected tool:supabase package recipe that builds and signs both the Bun/TypeScript supabase launcher and the Go supabase-go helper.
  • Direct macOS Keychain access from the signed supabase-go binary instead of github.com/zalando/go-keyring shelling out to /usr/bin/security, so Keychain trust is attached to the Supabase executable.
  • A macOS-only automicvault Go build tag for the secure credential backend, while default upstream builds continue to use go-keyring.
  • A hazard detector for insecure Supabase CLI installs, including the plaintext fallback token at ~/.supabase/access-token and Keychain ACLs that allow /usr/bin/security to read Supabase secrets.
  • A hidden supabase-go av-migrate command used by the Automic Vault protected tool migration hook to rewrite insecure Keychain items and move fallback access tokens into the signed Supabase credential backend.
  • Test seams that keep the credential tests deterministic without touching the user's real Keychain.

Source: local coverage notes

Coverage source

Source excerpt

Caveats

  • Existing insecure Supabase CLI Keychain items and plaintext fallback access tokens are migrated when the isotope migration runs.
  • This currently replaces the Homebrew core supabase formula.

executables

Installed executables

Command | Type | Exposure | Note
supabase | cli | global executable |

freshness

Version and freshness

These signals separate the age of the page generation, package-manager activity, and the comparison with upstream versions. A version lag is reported only when an evidence URL and comparable versions are present.

page generated: 2026-06-10
package manager version: 2.105.0
package manager updated: 2026-06-05
local data: ok
upstream: not checked
latest detected version: not detected

https://supabase.com/docs/reference/cli/about

installation metadata

Package metadata

Package key: brew:supabase
Version: 2.105.0
Package manager: Homebrew
Package manager page: https://formulae.brew.sh/formula/supabase
Homepage: https://supabase.com/docs/reference/cli/about
Repository: https://github.com/supabase/cli
Upstream docs: https://supabase.com/docs/guides/local-development/cli/getting-started
License: MIT
Source archive: https://registry.npmjs.org/supabase/-/supabase-2.105.0.tgz
Last updated: 2026-06-05T17:13:10Z
Pulse: updated
Dependencies: node
Bottle: available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install: not defined
Service: none declared

registry facts

Source database details

Source Database: Homebrew formula API
Tap: homebrew/core
Full Name: supabase
Version Scheme: 0
Revision: 0
Bottle Stable Root URL: https://ghcr.io/v2/homebrew/core
Deprecated: no
Disabled: no
Keg Only: no
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Scoop · 95%

main/supabase

scoop install main/supabase
  • normalized package name match
  • Matched by: Supabase
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/supabase.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

source trail

Generated from repository data

This page is served by av-web from the private SQLite package artifact generated by scripts/generate-pkg-sqlite.py.

Sources used

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • external package-manager database matches
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest