Free Supabase project security scan offer

context: i posted here a few days ago about scanning 100 random supabase projects from github. 22% leak user data via the anon key. a lot of you asked if i could scan their projects too.

so here is the offer. completely free for first 20.

what i do:

• you give me the public URL of your supabase project (the https://abc.supabase.co one) and your anon key. nothing more.
• i run my open source CLI scanner against it from my machine.
• if i find anything (RLS off on a sensitive table, exposed schema, etc) i email you the findings with exact curl proof and the SQL to fix each one.
• if your project is clean i tell you that too. some projects ARE done right.

what i dont do:

• never read row contents. only counts via Range 0-0. that's enough to know if a leak exists.
• never publish your project name. ever.
• not selling a thing in this thread. ill mention my paid service ($99 fix-it-for-you) at the end of YOUR report if you want it. zero pressure. most people just fix it themselves once they see the findings, that's fine.

why free:

• im trying to build distribution for the open source scanner. each report you share back (anonymized) is social proof.
• found 3 critical leaks this morning doing this manually. one had service_role committed. one had 1843 user profiles readable by anyone. one had 1115 staff records exposed.
• i'd rather find them before some kid with a python script does and dumps them.

how to ask:

• drop your URL in a comment OR
• DM me your URL + anon key if you'd rather keep it off public log

ill work through them in order. 24-48h turnaround. if you read this 3 days from now and the spots are full ill probably do another batch the following weekend.

tool im using is open source if you want to skip the wait: npx @perufitlife/supabase-security --discover --url YOUR_URL --key YOUR_ANON_KEY. runs entirely on your machine, nothing leaves your terminal. that's also free, just no human eyes on it.