DEV.co
Open-Source Databases · supabase

supabase-js

Supabase-js is a TypeScript/JavaScript SDK that provides a unified client for interacting with Supabase backend services, including PostgreSQL databases, real-time subscriptions, file storage, authentication, and serverless functions. It works across Node.js, browsers, Deno, and other modern runtimes.

Source: GitHub — github.com/supabase/supabase-js
4.5k
GitHub stars
692
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorysupabase/supabase-js
Ownersupabase
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars4.5k
Forks692
Open issues58
Latest releasev2.110.1 (2026-07-07)
Last updated2026-07-07
Sourcehttps://github.com/supabase/supabase-js

What supabase-js is

An isomorphic JavaScript SDK exposing PostgREST, real-time, authentication, storage, and edge functions APIs through modular sub-packages. Built in TypeScript with support for Node.js LTS (22+), modern browsers (fetch/WebSocket), Deno stable/lts, Bun, React Native, and Cloudflare Workers.

Quickstart

Get the supabase-js source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/supabase/supabase-js.gitcd supabase-js# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Full-stack web applications with PostgreSQL backend

Ideal for React, Vue, Svelte, Nuxt, or vanilla JS apps needing database queries, real-time subscriptions, and authentication without managing separate backend APIs.

Real-time collaborative features

Native WebSocket-based real-time subscriptions enable presence, notifications, and live data updates in web and mobile applications.

Serverless and edge computing workflows

Seamless integration with Supabase Edge Functions and support for Cloudflare Workers and Deno enables rapid serverless application development.

Implementation considerations

  • Node.js support follows strict LTS policy: only Active/Maintenance versions. Current minimum is Node.js 22; verify your deployment target aligns before adoption.
  • Real-time features require native WebSocket support; verify target environment (browser, runtime) capability or provide polyfills for React Native.
  • Monorepo structure with modular packages (@supabase/auth-js, @supabase/postgrest-js, etc.); import only needed modules to minimize bundle size.
  • Watch for minor-version drops in support for Deno, Bun, and React Native without breaking-change labels; pin versions cautiously if running non-LTS runtimes.
  • Experimental features may be removed without notice; avoid relying on APIs marked experimental for production critical paths.

When to avoid it — and what to weigh

  • Not locked into Supabase platform — This SDK is tightly coupled to Supabase services. If you need database agnosticity or plan to migrate from Supabase, consider a more generic database client (e.g., pg, Prisma).
  • Legacy Node.js runtime requirements — Node.js 18 was dropped in v2.79.0 and Node.js 20 dropped in v2.110.0. Projects on EOL versions must pin an older SDK version indefinitely.
  • Strict supply-chain requirements — While npm provenance attestations are available, critical applications should audit the full dependency tree and lock precise versions given the monorepo's scope.
  • Offline-first or minimal connectivity scenarios — The SDK assumes reliable network access for real-time subscriptions and API calls; offline sync patterns are not built in.

License & commercial use

MIT License. Permissive, OSI-approved license allowing commercial use, modification, and distribution with attribution. No restrictions on proprietary code shipping this library.

MIT is a permissive OSI license. Commercial use is explicitly allowed. You may use supabase-js in closed-source, proprietary products without additional licensing. Retain copyright notices and license text as per MIT terms. No warranty or liability assumptions.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

MIT license includes no warranty. Provenance attestations available via npm audit signatures for supply-chain verification. Review the Security Policy (docs/SECURITY.md) for vulnerability reporting. SDK passes credentials (API keys, auth tokens) in requests; follow Supabase's npm security guide for defense against supply-chain attacks. No code review of security posture is provided here; audit dependencies and secrets management in your deployment.

Alternatives to consider

Prisma Client

Multi-database ORM (PostgreSQL, MySQL, SQLite, etc.) offering type safety and migrations. Use if you need database portability or advanced schema management beyond Supabase.

Drizzle ORM

Lightweight, TypeScript-first ORM with PostgreSQL support. Preferred for projects prioritizing minimal overhead and direct SQL control.

Apollo Client / Relay (GraphQL)

If using GraphQL APIs instead of REST/real-time subscriptions. Supabase supports GraphQL via PostgREST, but dedicated GraphQL clients offer stronger tooling.

Software development agency

Build on supabase-js with DEV.co software developers

Consider compatibility with your Node.js/runtime versions, lock-in to Supabase services, and real-time needs. Review the security policy and npm attestations. Contact us to discuss integration strategy.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

supabase-js FAQ

Can I use supabase-js outside Supabase?
No. supabase-js is designed exclusively for Supabase services. It hardcodes Supabase API contracts (PostgREST, realtime, storage endpoints, authentication). For generic PostgreSQL, use pg or Prisma.
What Node.js versions are supported?
Only Active LTS and Maintenance versions per the official Node.js schedule. As of the latest release (v2.110.1), Node.js 18 and 20 are dropped. Check the README for current minimum version; minor releases will drop EOL versions without warning.
Does supabase-js work in Cloudflare Workers?
Yes. SDK explicitly supports Cloudflare Workers runtime environments with native fetch. Realtime subscriptions require WebSocket support (available in Workers).
What's the difference between importing @supabase/supabase-js vs @supabase/postgrest-js?
@supabase/supabase-js is the combined main SDK including auth, database, realtime, storage, and functions. @supabase/postgrest-js is database-only. Import only what you need to minimize bundle size.

Work with a software development agency

DEV.co helps companies turn open-source tools like supabase-js into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.

Ready to evaluate Supabase-js for your stack?

Consider compatibility with your Node.js/runtime versions, lock-in to Supabase services, and real-time needs. Review the security policy and npm attestations. Contact us to discuss integration strategy.