Credential access
Reads Supabase tokens, database passwords, env files, and project config.
brew / 保護ツール対応 / 順位 841
supabase をインストール
supabase のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。
agent safety
Agent safety answer
supabase CLI manages hosted projects, databases, functions, and local dev state.
Remote mutation
Can deploy functions, run migrations, and change project state.
Publish/artifact risk
Publishes functions, migrations, and generated API artifacts.
Recommended control
Gate deploy, db push, secrets, link, and token commands.
Agent-use guidance
Allow local status and generation; require approval for remote database or function changes.
インストール
Automic Vault でインストール
Automic Vault
sudo av install brew:supabasemacOS
Homebrewverified · 100%
brew install supabaselocal Homebrew formula metadata
Windows
Scoopverified · 92%
scoop install main/supabaseScoop official bucket manifest trees · bucket/supabase.json · source: api.github.com
パッケージマネージャソース
プラットフォームノート
- パッケージ固有のプラットフォームノートはありません。
概要
パッケージ概要
Postgres development platform
ホームページ
コマンドとエイリアス
- supabase
保護ツール対応
Trivially Accessible Supabase Tokens
Supabase CLI stores access tokens in the macOS Keychain through go-keyring, which creates items through `/usr/bin/security`. Those items allow `/usr/bin/security` to read the token non-interactively. Our isotope builds a signed Supabase CLI and replaces the Go credential backend on macOS so new Keychain items trust the Supabase executable instead of the security tool.
Risk classifier
green risk · low confidence · appliance
Why
- narrow executable package without higher-risk signals
Signals
- metadata:no-higher-risk-signals
Install behavior
- No Homebrew post-install hook is recorded in formula metadata.
- Homebrew bottle metadata is available for 6 platform targets.
- Installs with 1 runtime dependencies.
ローカル README 抜粋
Automic Vault Fork Notes
This repository is the Automic Vault fork of Supabase CLI.
Automic Vault is a macOS-first secret and execution control system that keeps sensitive credentials behind explicit human approval in the Automic Vault GUI app instead of exposing them directly to terminal tools.
This fork currently adds the following behavior on top of upstream supabase/cli:
- An
protected tool:supabasepackage recipe that builds and signs both the
Bun/TypeScript supabase launcher and the Go supabase-go helper.
- Direct macOS Keychain access from the signed
supabase-gobinary instead
of github.com/zalando/go-keyring shelling out to /usr/bin/security, so Keychain trust is attached to the Supabase executable.
- A macOS-only
automicvaultGo build tag for the secure credential backend,
while default upstream builds continue to use go-keyring.
- A hazard detector for insecure Supabase CLI installs, including the
plaintext fallback token at ~/.supabase/access-token and Keychain ACLs that allow /usr/bin/security to read Supabase secrets.
- A hidden
supabase-go av-migratecommand used by the Automic Vault protected tool
migration hook to rewrite insecure Keychain items and move fallback access tokens into the signed Supabase credential backend.
- Test seams that keep the credential tests deterministic without touching the
user's real Keychain.
ソース: local coverage notes
カバレッジソース
ソース抜粋
Caveats
- Existing insecure Supabase CLI Keychain items and plaintext fallback access tokens are migrated when the isotope migration runs.
- This currently replaces the Homebrew core supabase formula.
実行可能ファイル
インストールされる実行可能ファイル
| コマンド | 種類 | 公開範囲 | メモ |
|---|---|---|---|
supabase | cli | global executable |
鮮度
バージョンと鮮度
これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。
ページ生成日2026-06-10
マネージャ版2.105.0
マネージャ更新日2026-06-05
ローカルデータok
上流not checked
検出された最新not detected
https://supabase.com/docs/reference/cli/about
- infoRelease/tag comparison is only available for GitHub repositories.https://supabase.com/docs/reference/cli/aboutnone confidence
インストールメタデータ
パッケージメタデータ
| Package key | brew:supabase |
|---|---|
| Version | 2.105.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/supabase |
| Homepage | https://supabase.com/docs/reference/cli/about |
| Repository | https://github.com/supabase/cli |
| Upstream docs | https://supabase.com/docs/guides/local-development/cli/getting-started |
| License | MIT |
| Source archive | https://registry.npmjs.org/supabase/-/supabase-2.105.0.tgz |
| Last updated | 2026-06-05T17:13:10Z |
| Pulse | updated |
| Dependencies | node |
| Bottle | available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
Source database details
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | supabase |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Other package-manager records
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
Scoop95%
main/supabase
scoop install main/supabase- normalized package name match
- Matched by: Supabase
ソース経路
リポジトリデータから生成
このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。
使用ソース
- Geiger risk classifier
- Nucleus package database
- av.db category and tag curation
- cross-ecosystem install command graph
- curated agent safety answer
- external package-manager database matches
- local coverage README
- package relationship graph
- package version freshness
- package-page enrichment
- secret-handling manifest