@supabase/server is in public beta. One package that handles auth verification, client setup, request context, and CORS for Supabase server-side runtimes: Edge Functions, Vercel Functions, Cloudflare Workers, Bun, Hono and any runtime that supports the standard Request/Response Web API.
We anonymously analyzed 25,000 deployed Edge Functions and saw the same boilerplate everywhere: create clients, verify JWTs, parse claims, handle CORS, copy/paste _shared/*.ts between functions. Adopting the new asymmetric API keys made the migration even more painful: jose, JWKS endpoints, custom middleware, manual secret wiring. This package removes all of it.
withSupabase({ auth: 'user' | 'none' | 'secret' | 'publishable' }, handler) for per-endpoint access control. Combine modes (['user', 'secret']) when needed.Ana introduces the public beta of @supabase/server, a package designed to simplify auth verification, client setup, request context, and CORS for Supabase server-side runtimes. It aims to eliminate boilerplate code and streamline the use of new asymmetric API keys. Ana invites feedback on the API surface and adapter patterns.
ctx with the things you'd otherwise wire up: user-scoped client, admin client, verified identity, JWT claims, auth mode.verifyAuth, createContextClient, createAdminClient, resolveEnv) for custom routing, MCP servers, and framework adapters.npm install @supabase/server@latest
npx skills add supabase/server
The skill gives Claude Code, Codex, Cursor and any agentic coding tool full context on the API surface.
Full writeup: https://supabase.com/blog/introducing-supabase-server
If you use @supabase/ssr for cookie-based sessions in Next.js or SvelteKit, the two coexist. Deeper integration with @supabase/ssr is on the roadmap.
Open an issue on the repo or reply here. Looking for feedback on the API surface, adapter patterns, and edge cases we haven't hit yet.