supabase-js
Supabase-js is a TypeScript/JavaScript SDK that provides a unified client for interacting with Supabase backend services, including PostgreSQL databases, real-time subscriptions, file storage, authentication, and serverless functions. It works across Node.js, browsers, Deno, and other modern runtimes.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | supabase/supabase-js |
| Owner | supabase |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 4.5k |
| Forks | 692 |
| Open issues | 58 |
| Latest release | v2.110.1 (2026-07-07) |
| Last updated | 2026-07-07 |
| Source | https://github.com/supabase/supabase-js |
What supabase-js is
An isomorphic JavaScript SDK exposing PostgREST, real-time, authentication, storage, and edge functions APIs through modular sub-packages. Built in TypeScript with support for Node.js LTS (22+), modern browsers (fetch/WebSocket), Deno stable/lts, Bun, React Native, and Cloudflare Workers.
Get the supabase-js source
Clone the repository and explore it locally.
git clone https://github.com/supabase/supabase-js.gitcd supabase-js# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Node.js support follows strict LTS policy: only Active/Maintenance versions. Current minimum is Node.js 22; verify your deployment target aligns before adoption.
- Real-time features require native WebSocket support; verify target environment (browser, runtime) capability or provide polyfills for React Native.
- Monorepo structure with modular packages (@supabase/auth-js, @supabase/postgrest-js, etc.); import only needed modules to minimize bundle size.
- Watch for minor-version drops in support for Deno, Bun, and React Native without breaking-change labels; pin versions cautiously if running non-LTS runtimes.
- Experimental features may be removed without notice; avoid relying on APIs marked experimental for production critical paths.
When to avoid it — and what to weigh
- Not locked into Supabase platform — This SDK is tightly coupled to Supabase services. If you need database agnosticity or plan to migrate from Supabase, consider a more generic database client (e.g., pg, Prisma).
- Legacy Node.js runtime requirements — Node.js 18 was dropped in v2.79.0 and Node.js 20 dropped in v2.110.0. Projects on EOL versions must pin an older SDK version indefinitely.
- Strict supply-chain requirements — While npm provenance attestations are available, critical applications should audit the full dependency tree and lock precise versions given the monorepo's scope.
- Offline-first or minimal connectivity scenarios — The SDK assumes reliable network access for real-time subscriptions and API calls; offline sync patterns are not built in.
License & commercial use
MIT License. Permissive, OSI-approved license allowing commercial use, modification, and distribution with attribution. No restrictions on proprietary code shipping this library.
MIT is a permissive OSI license. Commercial use is explicitly allowed. You may use supabase-js in closed-source, proprietary products without additional licensing. Retain copyright notices and license text as per MIT terms. No warranty or liability assumptions.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
MIT license includes no warranty. Provenance attestations available via npm audit signatures for supply-chain verification. Review the Security Policy (docs/SECURITY.md) for vulnerability reporting. SDK passes credentials (API keys, auth tokens) in requests; follow Supabase's npm security guide for defense against supply-chain attacks. No code review of security posture is provided here; audit dependencies and secrets management in your deployment.
Alternatives to consider
Prisma Client
Multi-database ORM (PostgreSQL, MySQL, SQLite, etc.) offering type safety and migrations. Use if you need database portability or advanced schema management beyond Supabase.
Drizzle ORM
Lightweight, TypeScript-first ORM with PostgreSQL support. Preferred for projects prioritizing minimal overhead and direct SQL control.
Apollo Client / Relay (GraphQL)
If using GraphQL APIs instead of REST/real-time subscriptions. Supabase supports GraphQL via PostgREST, but dedicated GraphQL clients offer stronger tooling.
Build on supabase-js with DEV.co software developers
Consider compatibility with your Node.js/runtime versions, lock-in to Supabase services, and real-time needs. Review the security policy and npm attestations. Contact us to discuss integration strategy.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
supabase-js FAQ
Can I use supabase-js outside Supabase?
What Node.js versions are supported?
Does supabase-js work in Cloudflare Workers?
What's the difference between importing @supabase/supabase-js vs @supabase/postgrest-js?
Work with a software development agency
DEV.co helps companies turn open-source tools like supabase-js into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.
Ready to evaluate Supabase-js for your stack?
Consider compatibility with your Node.js/runtime versions, lock-in to Supabase services, and real-time needs. Review the security policy and npm attestations. Contact us to discuss integration strategy.