{"_id":"supasec","_rev":"7-4d7245d6edef46b1fa32c0d63815b395","name":"supasec","dist-tags":{"latest":"1.0.6"},"versions":{"1.0.0":{"name":"supasec","version":"1.0.0","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.0","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"d166c97ae5d570fe74471e34939eac9d92739566","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.0.tgz","fileCount":65,"integrity":"sha512-FeLusP3SdIIeJSaCZ1Y6yaY2+6dgEdnEkJ/uKyCQyyWat0XsK8LfpQ8cn0u+zuAB9Zlr4+eVErluGzgTYoYb3g==","signatures":[{"sig":"MEYCIQDPyjBqQsmcBaloePsh11z4xKlfe3cXwAh99v4Xeo7xcAIhAI9fxCs2+QgeQAPYCyCSzZU7AFQd0nr7WVzuKqJ9KJcw","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":156739},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.0_1769616338040_0.8234303592137411","host":"s3://npm-registry-packages-npm-production"}},"1.0.1":{"name":"supasec","version":"1.0.1","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.1","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"3a45ee12a7eb32cab48d62ab0f4cd6a199aeef7b","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.1.tgz","fileCount":66,"integrity":"sha512-n9rwvaGxJywnyJFPqzecYJbl9HsM8GmUOhFO3S/ZJVW1kMxSbOVggsrQtx47N+v7H8uA5f6/GXyz9LVs/3Nh0A==","signatures":[{"sig":"MEUCIGplM3MIq0ZR5rnssuo6VUoE4pxsCovcxDmULqaemL8eAiEAqWA/7pt2olLKBlMYm4eJYVtGtv1KjadWynInMFtEu5U=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":164238},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build","publish-version":"node scripts/publish.js"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.1_1769617103518_0.12295501733761993","host":"s3://npm-registry-packages-npm-production"}},"1.0.2":{"name":"supasec","version":"1.0.2","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.2","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"eca7215560485f7116b6847f1963ddd01e21e431","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.2.tgz","fileCount":66,"integrity":"sha512-HNQtBLBjDbXJo+2eKG8eQ1iGSxc6sffMHjN9nRe+qarfR4jwgRqTpoUASAIQl1f1DQaxxJYTjCNMMmSgHJ7E8Q==","signatures":[{"sig":"MEUCIQC42T3HcUiS0jLqm5H3x6RNBoFZ3rwYaWzH+Bn8FUYlHwIgBwrTBR98+chv5uOKKeqskZV/yECVi4DxRoFpR0SZZtY=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":164238},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build","publish-version":"node scripts/publish.js"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.2_1769617128765_0.3044605311332047","host":"s3://npm-registry-packages-npm-production"}},"1.0.3":{"name":"supasec","version":"1.0.3","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.3","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"a04c95c7753cd9513ea78d3ec735ab791243c4b7","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.3.tgz","fileCount":90,"integrity":"sha512-x761/XDzthBuGNdgZCIABT0CrbMldhzqjAx9SeP9QeiNgUhfKOWmhaZfcsnUj6Q3tMMelkylhVHXxMslzAg6Sg==","signatures":[{"sig":"MEYCIQCfOxxvj/vYRR2BKauE4Ev4bmtyAl6hDf8f4H47zNNAQAIhAL0BvAprKHns/KEewQMddzuWEc7MnI75zz0sswcqsg9B","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":594116},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build","publish-version":"node scripts/publish.js"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.3_1769620817828_0.9833767829627269","host":"s3://npm-registry-packages-npm-production"}},"1.0.4":{"name":"supasec","version":"1.0.4","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.4","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"823982d3b01469087bde8e9f1dddd5278627463e","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.4.tgz","fileCount":69,"integrity":"sha512-XgjrnDAFmp+Mh2I/v8nWW8ZRglVppM5g0mBXKy90emvDgz2ZTZTxMqrilfS2r9pd1OnKd3ZGQ8l1uX01WY4PCw==","signatures":[{"sig":"MEYCIQCa2NoE6ZzamKiAft71adKfuleNN/MSFXgzswksOLVQ+AIhALTmKSC5y33XycINKmVw63LGleUNm303Q2kvfn2/e8Aq","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":217299},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build","publish-version":"node scripts/publish.js"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.4_1769621131046_0.8258280006297638","host":"s3://npm-registry-packages-npm-production"}},"1.0.5":{"name":"supasec","version":"1.0.5","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","_id":"supasec@1.0.5","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"homepage":"https://github.com/yourusername/supasec#readme","bugs":{"url":"https://github.com/yourusername/supasec/issues"},"bin":{"supasec":"dist/cli.js"},"dist":{"shasum":"b3081fa34f0f0f49d1a74d8577d3074875231b2b","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.5.tgz","fileCount":128,"integrity":"sha512-19A0CqORipXO8Qc9cJyt2nz5mCQ53MgsoQDB9ijLl+rbz69zr4KfFmWK++ImGI0s7FjDAdNTN9AT9IWcrKWUNA==","signatures":[{"sig":"MEUCIQDs1DSuorvWN7Qyqt718FiEILnH74A34FNr7M8i1PLVaQIgYkI98ca9yugo+TLbAUYr8DnWMJ+tr+tnsAlLxdh4nQI=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":589056},"main":"dist/index.js","types":"dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","scripts":{"dev":"tsc --watch","lint":"eslint src/**/*.ts","test":"jest","build":"tsc","start":"node dist/cli.js","prepare":"npm run build","publish-version":"node scripts/publish.js"},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"repository":{"url":"git+https://github.com/yourusername/supasec.git","type":"git"},"_npmVersion":"11.6.2","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","directories":{},"_nodeVersion":"24.11.1","dependencies":{"ora":"^7.0.1","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","enquirer":"^2.4.1","commander":"^11.1.0","puppeteer":"^21.5.0","cli-table3":"^0.6.3","@supabase/supabase-js":"^2.38.0"},"_hasShrinkwrap":false,"devDependencies":{"glob":"^13.0.0","jest":"^29.7.0","eslint":"^9.39.2","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0","@types/jest":"^29.5.0","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@types/json-schema":"^7.0.15","@typescript-eslint/parser":"^8.54.0","@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@typescript-eslint/eslint-plugin":"^8.54.0"},"_npmOperationalInternal":{"tmp":"tmp/supasec_1.0.5_1769629860493_0.180318897278805","host":"s3://npm-registry-packages-npm-production"}},"1.0.6":{"name":"supasec","version":"1.0.6","description":"A free, open-source CLI tool for comprehensive Supabase security auditing","main":"dist/index.js","types":"dist/index.d.ts","bin":{"supasec":"dist/cli.js"},"scripts":{"build":"tsc","dev":"tsc --watch","start":"node dist/cli.js","lint":"eslint src/**/*.ts","test":"jest","prepare":"npm run build","publish-version":"node scripts/publish.js"},"keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"author":{"name":"SupaSec Team"},"license":"MIT","repository":{"type":"git","url":"git+https://github.com/yourusername/supasec.git"},"bugs":{"url":"https://github.com/yourusername/supasec/issues"},"homepage":"https://github.com/yourusername/supasec#readme","engines":{"node":">=18.0.0"},"dependencies":{"@supabase/supabase-js":"^2.38.0","axios":"^1.6.0","boxen":"^7.1.1","chalk":"^4.1.2","cheerio":"^1.0.0-rc.12","cli-table3":"^0.6.3","commander":"^11.1.0","enquirer":"^2.4.1","ora":"^7.0.1","puppeteer":"^21.5.0"},"devDependencies":{"@humanwhocodes/config-array":"^0.13.0","@humanwhocodes/object-schema":"^2.0.3","@types/jest":"^29.5.0","@types/json-schema":"^7.0.15","@types/node":"^20.8.0","@types/phoenix":"^1.6.7","@typescript-eslint/eslint-plugin":"^8.54.0","@typescript-eslint/parser":"^8.54.0","eslint":"^9.39.2","glob":"^13.0.0","jest":"^29.7.0","rimraf":"^6.1.2","ts-jest":"^29.1.0","typescript":"^5.2.0"},"gitHead":"eb434f31a7f9a2e16f113699a5fff7f350e3983a","_id":"supasec@1.0.6","_nodeVersion":"24.11.1","_npmVersion":"11.6.2","dist":{"integrity":"sha512-Yo2IQST3KzDsCKCGDjKxEEvuHo9WAGoO9DO4pygU1w+WbiDufI8x7AmrlLcBgMv0IvI/4+TWA5sCifBFFoZ9sQ==","shasum":"d2121bfef3a109cc1a86aa5f1b1be4ad00f1ef1b","tarball":"https://registry.npmjs.org/supasec/-/supasec-1.0.6.tgz","fileCount":130,"unpackedSize":672980,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEYCIQC4wGG0nJ/3kmxd9GRYpSt9JOAnd3z6ndQRnFK1ABYxfgIhAMV50JPjP2DUu6MnlLSHga2rP+3/ZUCZtkA0qRR1AuX5"}]},"_npmUser":{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"},"directories":{},"maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/supasec_1.0.6_1769630848950_0.09888373771994896"},"_hasShrinkwrap":false}},"time":{"created":"2026-01-28T16:05:38.040Z","modified":"2026-01-28T20:07:29.258Z","1.0.0":"2026-01-28T16:05:38.181Z","1.0.1":"2026-01-28T16:18:23.666Z","1.0.2":"2026-01-28T16:18:48.909Z","1.0.3":"2026-01-28T17:20:17.985Z","1.0.4":"2026-01-28T17:25:31.199Z","1.0.5":"2026-01-28T19:51:00.661Z","1.0.6":"2026-01-28T20:07:29.150Z"},"bugs":{"url":"https://github.com/yourusername/supasec/issues"},"author":{"name":"SupaSec Team"},"license":"MIT","homepage":"https://github.com/yourusername/supasec#readme","keywords":["supabase","security","audit","cli","rls","scanner","vulnerability","pentesting"],"repository":{"type":"git","url":"git+https://github.com/yourusername/supasec.git"},"description":"A free, open-source CLI tool for comprehensive Supabase security auditing","maintainers":[{"name":"interpoolx","email":"advrajeshkumar90@gmail.com"}],"readme":"# 🔒 SupaSec\r\n\r\nA free, open-source CLI tool for comprehensive Supabase security auditing.\r\n\r\n[![npm version](https://badge.fury.io/js/supasec.svg)](https://www.npmjs.com/package/supasec)\r\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\r\n\r\n## 🚀 Quick Start\r\n\r\nScan any Supabase-powered website instantly:\r\n\r\n```bash\r\nnpx supasec scan https://myapp.com\r\n```\r\n\r\n## ✨ Features\r\n\r\n- **🔍 Secret Detection** - Find exposed API keys, service role keys, and credentials with JWT permission level analysis\r\n- **🛡️ RLS Analysis** - Detect missing or misconfigured Row Level Security policies\r\n- **🧪 RLS Fuzzing** - Actually test data access to confirm RLS effectiveness\r\n- **⚡ RPC Scanner** - Detect dangerous RPC functions and SQL injection risks\r\n- **🗄️ Storage Scanner** - Check bucket ACLs, file type restrictions, and exposed sensitive files\r\n- **🔐 Auth Config** - Validate MFA, password policies, email verification, and JWT settings\r\n- **📜 Git History** - Scan commits for secrets and .env files\r\n- **📸 Snapshots** - Track security posture changes over time with diff capabilities\r\n- **📊 Security Grading** - Get an A-F grade with actionable recommendations\r\n- **🔧 Auto-Fix** - Interactive wizard to automatically fix vulnerabilities\r\n- **📈 CI/CD Ready** - Integrate with GitHub Actions, GitLab CI, and more\r\n- **💯 Free & Open Source** - No paywalls, no subscriptions\r\n\r\n## 📋 Installation\r\n\r\n### Using npx (Recommended)\r\n\r\n```bash\r\nnpx supasec scan <url>\r\n```\r\n\r\n### Global Installation\r\n\r\n```bash\r\nnpm install -g supasec\r\nsupasec scan <url>\r\n```\r\n\r\n## 🔧 Usage\r\n\r\n### Basic Scan\r\n\r\n```bash\r\n# Scan a website\r\nsupasec scan https://myapp.com\r\n\r\n# Scan with authentication\r\nsupasec scan https://myapp.com --project-url https://abc.supabase.co --service-key xxx\r\n\r\n# Deep scan with RLS fuzzing\r\nsupasec scan https://myapp.com --deep --project-url https://abc.supabase.co --anon-key xxx\r\n\r\n# Scan local project\r\nsupasec scan --local\r\n\r\n# Create security snapshot\r\nsupasec snapshot create --name pre-deploy-v1.0.6\r\n\r\n# Compare snapshots\r\nsupasec snapshot diff pre-deploy-v1.0.6 post-deploy-v1.0.6\r\n```\r\n\r\n### Output Formats\r\n\r\n```bash\r\n# Terminal output (default)\r\nsupasec scan https://myapp.com\r\n\r\n# JSON output\r\nsupasec scan https://myapp.com --format json\r\n\r\n# HTML report\r\nsupasec scan https://myapp.com --format html --output report.html\r\n```\r\n\r\n### CI/CD Integration\r\n\r\n```bash\r\n# Fail on critical or high severity issues\r\nsupasec scan https://myapp.com --fail-on critical,high\r\n\r\n# Quiet mode for CI\r\nsupasec scan https://myapp.com --format json --quiet --output audit.json\r\n```\r\n\r\n## 🛠️ Auto-Fix (Coming Soon)\r\n\r\nFix vulnerabilities interactively:\r\n\r\n```bash\r\nsupasec fix --interactive\r\n```\r\n\r\nOr apply fixes automatically:\r\n\r\n```bash\r\nsupasec fix --auto --backup\r\n```\r\n\r\n> Note: The fix command is planned for a future release.\r\n\r\n## 🔐 Security Checks\r\n\r\nSupaSec performs comprehensive security checks across multiple categories:\r\n\r\n### Secrets Detection\r\n- ✅ Service role key exposure with JWT permission analysis\r\n- ✅ Anon key validation and permission levels\r\n- ✅ Third-party API keys (Stripe, OpenAI, AWS, etc.)\r\n- ✅ JWT token exposure and decoding\r\n- ✅ Private keys in bundles\r\n- ✅ Git history scanning for committed secrets\r\n\r\n### RLS Security\r\n- ✅ Tables without RLS enabled\r\n- ✅ Missing RLS policies\r\n- ✅ Bypass policies (`USING (true)`)\r\n- ✅ Missing user isolation\r\n- ✅ Public role access\r\n- ✅ 🆕 RLS Fuzzing - Actually test data access\r\n- ✅ 🆕 Row count estimation for exposed data\r\n\r\n### Authentication\r\n- ✅ Password policy strength\r\n- ✅ MFA configuration and enforcement\r\n- ✅ Email verification requirements\r\n- ✅ JWT expiry settings\r\n- ✅ Refresh token rotation\r\n- ✅ Session timeout configuration\r\n- ✅ Secure email change\r\n\r\n### Storage Security\r\n- ✅ Public bucket exposure\r\n- ✅ File type restrictions\r\n- ✅ File size limits\r\n- ✅ Dangerous MIME type detection\r\n- ✅ Exposed sensitive files (.env, keys)\r\n\r\n### RPC Security\r\n- ✅ 🆕 Dangerous function name patterns\r\n- ✅ 🆕 SECURITY DEFINER checks\r\n- ✅ 🆕 SQL injection risk detection\r\n\r\n### Git Security\r\n- ✅ 🆕 Committed .env files\r\n- ✅ 🆕 Secrets in commit messages\r\n- ✅ 🆕 Private keys in history\r\n- ✅ 🆕 Stashed secrets\r\n\r\n### Snapshot & Diff\r\n- ✅ 🆕 Create security snapshots\r\n- ✅ 🆕 Compare snapshots over time\r\n- ✅ 🆕 Track security posture changes\r\n- ✅ 🆕 Grade change tracking\r\n\r\n### API Security\r\n- ✅ CORS configuration\r\n- ✅ GraphQL introspection\r\n\r\n## 📊 Example Output\r\n\r\n```\r\n🔍 SupaSec - Supabase Security Audit v1.0.6\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n\r\n🎯 Target: https://myapp.com\r\n⏱️  Started: 2026-01-28T14:23:15.000Z\r\n\r\n✓ Detected Supabase project\r\n  Found 12 tables, 8 RPCs, 3 storage buckets\r\n\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n📊 SCAN SUMMARY\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n\r\n❌ CRITICAL: 1 issues\r\n⚠️  HIGH: 2 issues\r\n⚡ MEDIUM: 1 issues\r\n\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n❌ CRITICAL (1 issues)\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n\r\n┌─ RLS-001: Table 'users' has RLS disabled\r\n│ The table 'users' does not have Row Level Security enabled.\r\n│\r\n│ Location: public.users\r\n│ Impact: Complete exposure of 1847 records\r\n│\r\n│ Fix: Enable Row Level Security on table 'users'\r\n│ SQL:\r\n│   ALTER TABLE public.users ENABLE ROW LEVEL SECURITY;\r\n│   CREATE POLICY \"Users can only access own data\"\r\n│     ON public.users FOR SELECT\r\n│     USING (auth.uid() = id);\r\n└\r\n\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n📈 SECURITY GRADE\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n\r\n  Grade D - 45/100\r\n  Below average - serious issues found.\r\n\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n🛠️  QUICK ACTIONS\r\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\r\n\r\nFix critical issues now:\r\n  $ supasec fix --interactive\r\n\r\nView detailed report:\r\n  $ supasec report --format html --output report.html\r\n```\r\n\r\n## 🔄 CI/CD Integration\r\n\r\n### GitHub Actions\r\n\r\n```yaml\r\nname: Security Audit\r\n\r\non: [push, pull_request]\r\n\r\njobs:\r\n  security:\r\n    runs-on: ubuntu-latest\r\n    steps:\r\n      - uses: actions/checkout@v3\r\n      \r\n      - name: Run SupaSec Security Scan\r\n        run: |\r\n          npx supasec scan https://staging.myapp.com \\\r\n            --format json \\\r\n            --fail-on critical,high \\\r\n            --output audit.json\r\n      \r\n      - name: Upload Report\r\n        if: always()\r\n        uses: actions/upload-artifact@v3\r\n        with:\r\n          name: security-report\r\n          path: audit.json\r\n```\r\n\r\n### GitLab CI\r\n\r\n```yaml\r\nsecurity_scan:\r\n  stage: security\r\n  image: node:18\r\n  script:\r\n    - npx supasec scan $STAGING_URL\r\n        --format json\r\n        --output audit.json\r\n        --fail-on critical,high\r\n  artifacts:\r\n    paths:\r\n      - audit.json\r\n```\r\n\r\n## 📚 Documentation\r\n\r\n- [Full Documentation](https://github.com/yourusername/supasec/wiki)\r\n- [Configuration Guide](https://github.com/yourusername/supasec/wiki/Configuration)\r\n- [CI/CD Integration](https://github.com/yourusername/supasec/wiki/CI-CD)\r\n- [API Reference](https://github.com/yourusername/supasec/wiki/API)\r\n\r\n## 🤝 Contributing\r\n\r\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\r\n\r\n### Development Setup\r\n\r\n```bash\r\n# Clone the repository\r\ngit clone https://github.com/yourusername/supasec.git\r\ncd supasec\r\n\r\n# Install dependencies\r\nnpm install\r\n\r\n# Build the project\r\nnpm run build\r\n\r\n# Run in development mode\r\nnpm run dev\r\n\r\n# Run tests\r\nnpm test\r\n```\r\n\r\n## 📄 License\r\n\r\nMIT License - see [LICENSE](LICENSE) file for details.\r\n\r\n## 🙏 Acknowledgments\r\n\r\n- Inspired by [AuditYour.App](https://audityour.app), [SupaShield](https://github.com/steve-chavez/supashield), and other Supabase security tools\r\n- Built with ❤️ for the Supabase community\r\n\r\n## 📞 Support\r\n\r\n- [GitHub Issues](https://github.com/yourusername/supasec/issues)\r\n- [Discord Community](https://discord.gg/supasec)\r\n- [Twitter/X: @supasec](https://twitter.com/supasec)\r\n\r\n---\r\n\r\n**Made with 🔒 by the SupaSec Team**\r\n","readmeFilename":"README.md"}