Here's everything that happened with Supabase in the last month:
Connect any OAuth2 or OpenID Connect identity provider to your Supabase project, including GitHub Enterprise, regional IdPs, and any standards-compliant provider, with PKCE enabled by default.
[Blog]
Starting April 28, new Supabase projects can opt out of automatic Data API exposure for public schema tables. Explicit Postgres grants are now required to make a table reachable via PostgREST or GraphQL. This becomes the default for all new projects on May 30.
[GitHub Discussion]
Supabase is certified to ISO/IEC 27001:2022, covering the information security management system across the entire platform.
[Blog]
The Stripe Sync Engine, originally built by Supabase, is now part of the Stripe GitHub org. It is open source and maintained by Stripe going forward.
[Blog]
Help shape the direction of Supabase. The brand survey takes a few minutes and closes soon.
[Take the survey]
A new SDK that handles auth, client creation, CORS, and context injection across runtimes. Works on Edge Functions, Vercel Functions, Deno, Bun, and Cloudflare Workers.
[Blog] [Docs]
- The Supabase app in the Stripe Marketplace is now generally available. [Stripe Marketplace]
- Branching without Git is now the default. Create branches directly from the dashboard without a GitHub integration. [Blog]
- Data API settings revamped: new per-table and per-function toggles let you control which tables are exposed to PostgREST and GraphQL, with a default-privileges switch at project creation. [Docs]
- The Supabase changelog now has RSS feeds, tag filtering, and a
.md feed, plus links to copy any entry as Markdown or ask Claude/ChatGPT. [Changelog]
- Wrappers v0.6.0 ships with a new OpenAPI FDW, Snowflake timeout support, Clerk CRUD, and several bug fixes. [GitHub] [Docs]
- Supabase Agent Skills: an open-source set of instructions that teach AI coding agents how to build on Supabase correctly. [Blog]
- Terraform Provider v1.9.0 adds Edge Functions resource, Edge Function secrets resource, and a network bans data source. [Docs]
- Replist: Track your repertoire, sharpen your practice, and connect with the musicians you play with. [Website]
- Grepture: Trace, evaluate, and protect every LLM call. Drop-in SDK. 80+ detection rules. [Website]
- Causo: Agents that connect you with best fit partners at VCs. [Website]
- Screenfully: An app demo creator on your phone. No need to connect to a Mac. [Website]
- Anamap: Cartos by Anamap is an AI agent that investigates your dashboards, site behavior, and code releases to find the root cause of metric drops in plain English. [Website]
- Crewform: Build your AI team with Crewform. Orchestrate specialized, autonomous agents to collaborate on complex tasks and connect outputs to your stack. [GitHub]
- The Supabase GitHub repo hit 100K stars and 8 million developers. [Blog]
- Introducing the OSSCAR: An index of the fastest-growing open-source orgs. [Blog]
- The State of Startups 2026 survey is still open. [Survey]
- How I Scaled My NextJS + Supabase App to 25,000 Users [YouTube]
- Stop Building Custom Auth — Auth0 vs Supabase: One Saved Us 3 Months of Engineering Work [Blog]
This discussion was created from the release Developer Update - May 2026.