This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Product upvotes vs the next 3
Waiting for data. Loading
Product comments vs the next 3
Waiting for data. Loading
Product upvote speed vs the next 3
Waiting for data. Loading
Product upvotes and comments
Waiting for data. Loading
Product vs the next 3
Loading
supafix
Fast security audit for Supabase projects. Fix it. Secure it
AI writes your Supabase code. It makes the same mistakes every time. supafix finds them in seconds, and fixes the ones it can. Supafixis a lightweight package that runs in your terminal. No run time dependencies, fast, secure and light.
Hey ProductHunt 👋 Vathsal here, one of the founders at Noblle.
Built this after we found a user_metadata RBAC bug in our own Supabase project, our RLS policy was checking
auth.jwt() -> 'user_metadata' ->> 'role', which means any user could just call supabase.auth.updateUser({ data: {
role: 'admin' } }) and promote themselves. Policy looked totally fine on review.
Started cataloguing all the Supabase security holes we kept seeing across projects and turned it into a scanner. The
getSession() vs getUser() one is the most common — they look identical, getSession() just never validates the token
with the Auth server so a crafted cookie walks right through.
npx supafix, no install, scans in under a second.
A few things I'd love feedback on:
- False positive rate : if it flags something that's genuinely fine, tell me. I'd rather it be quiet and right than
noisy and ignored.
- Missing checks : what Supabase footgun have you personally stepped on that we're not catching?
- The --fix flag : it generates a migration for missing RLS. Useful or too scary to trust?
All open source, MIT. GitHub's in the links.
About supafix on Product Hunt
“Fast security audit for Supabase projects. Fix it. Secure it”
supafix was submitted on Product Hunt and earned 4 upvotes and 1 comments, placing #155 on the daily leaderboard. AI writes your Supabase code. It makes the same mistakes every time. supafix finds them in seconds, and fixes the ones it can. Supafixis a lightweight package that runs in your terminal. No run time dependencies, fast, secure and light.
On the analytics side, supafix competes within Productivity, Open Source, Artificial Intelligence and GitHub — topics that collectively have 1.2M followers on Product Hunt. The dashboard above tracks how supafix performed against the three products that launched closest to it on the same day.
Who hunted supafix?
supafix was hunted by Vathsal Deliwal. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of supafix including community comment highlights and product details, visit the product overview.