Install command
Provided
Build full-stack apps on Supabase via @supabase/supabase-js: a hosted Postgres database with row-level security, realtime subscriptions over websockets, Auth, storage, Edge Functions for serverless logic, and pgvector for embeddings.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.
0
96
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as first-party.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
Package marked verified.
Checksum metadata
SHA-256 hash is present.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Not provided
Copy snippet
Provided
Prerequisites
6 to clear
Platforms
6 listed
Difficulty
100/100
Adoption plan
Current risk score 0/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
Package verification/checksum metadata is available.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (6/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is present.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
6/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is available.
rollout
Install payload is available.
No required blockers for this timeline preset.
Prerequisite readiness
6 prerequisites to line up before setup. Have accounts and credentials ready first.
Safety & privacy surface
2 safety and 2 privacy notes across 3 risk areas. Review closely: credentials & tokens.
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
import { createClient } from '@supabase/supabase-js';
import { Database } from './types/supabase';
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
export const supabase = createClient<Database>(supabaseUrl, supabaseAnonKey);
export const createAuthenticatedClient = (accessToken: string) => {
return createClient<Database>(supabaseUrl, supabaseAnonKey, {
global: {
headers: {
Authorization: `Bearer ${accessToken}`,
},
},
});
};Build full-stack applications with Supabase Postgres, real-time subscriptions, Edge Functions, and pgvector AI integration for 4M+ developers. Create complete backend systems using Supabase - the open-source Firebase alternative with PostgreSQL database, real-time subscriptions via WebSockets (postgres_changes, broadcast, presence), built-in authentication with multiple providers, file storage with access control, and Edge Functions with Deno for custom business logic. Includes automatic REST and GraphQL APIs, Row Level Security (RLS) policies, TypeScript type generation, connection pooling, and pgvector for AI embeddings and similarity search.
Claude can build complete backend systems using Supabase, the open-source Firebase alternative that raised $100M at $5B valuation in October 2025. With 4M+ developers and enterprise-scale Multigres features launching, Supabase provides PostgreSQL database, real-time subscriptions, authentication, storage, and Edge Functions - all with automatic APIs and pgvector for AI embeddings.
SKILL.md.SKILL.md content as reusable workflow instructions..gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported..cursor/rules/*.mdc adapter for project rules.Required:
What Claude handles automatically:
Prompt: "Set up a Supabase project for a task management app with users, projects, tasks tables. Include RLS policies and TypeScript types."
Claude will:
Prompt: "Build real-time chat functionality where users see messages instantly when posted. Include typing indicators and online presence."
Claude will:
Prompt: "Create a semantic search system using pgvector. Store document embeddings from OpenAI and enable similarity search with cosine distance."
Claude will:
Prompt: "Build Edge Functions that: send welcome emails on signup, process webhook from Stripe, and run nightly data aggregation job."
Claude will:
Supabase is often compared with Firebase as a backend-as-a-service; the core difference is Postgres vs a proprietary document store:
| Dimension | Supabase | Firebase |
|---|---|---|
| Database | Postgres (relational, SQL) | Firestore/RTDB (NoSQL document) |
| Realtime | Postgres changes, broadcast, presence | Realtime Database / Firestore listeners |
| Open source | Yes (self-hostable) | No |
| Auth & storage | Built-in (Postgres-backed) | Built-in (Google-backed) |
Choose Supabase when you want relational/SQL data, row-level security, and the option to self-host; Firebase when you prefer a fully managed Google ecosystem with a document model.
RLS is Critical: Always implement Row Level Security policies. Request policies that match your access patterns (user owns data, team members can access, public read).
Type Generation: Use supabase gen types typescript to generate TypeScript types. This ensures client code matches database schema.
Real-Time Channels: Supabase real-time has different channel types (postgres_changes, broadcast, presence). Specify which you need based on use case.
Edge Functions with Deno: Supabase uses Deno for Edge Functions. Request Deno-compatible code (no Node.js-specific APIs).
Storage Access Control: Storage buckets can be public or private. Request appropriate RLS policies for file access.
Connection Pooling: For serverless deployments, use Supabase connection pooling to avoid exceeding connection limits.
"Build a SaaS backend with Supabase:
1. Authentication with email, Google, GitHub OAuth
2. Organizations and team member management
3. Role-based access control (owner, admin, member)
4. Real-time activity feed
5. File uploads to Storage with access control
6. Billing integration with Stripe webhooks
7. Edge Functions for business logic
8. pgvector for AI-powered search"
"Create social media backend:
1. User profiles with avatars in Storage
2. Posts with likes, comments, shares
3. Real-time notifications
4. Follow/unfollow relationships
5. Feed algorithm with RLS
6. Direct messaging with presence
7. Content moderation Edge Function
8. Full-text search with PostgreSQL"
"Build IoT data collection system:
1. Device registration and authentication
2. Time-series data table with partitioning
3. Real-time sensor data streaming
4. Edge Functions for data aggregation
5. Alert system for threshold violations
6. Historical data analytics queries
7. Dashboard real-time updates
8. Export to CSV with Storage"
"Create knowledge base with AI:
1. Document storage with chunking
2. Generate embeddings with OpenAI
3. Store vectors in pgvector
4. Semantic search with similarity
5. Full-text search fallback
6. Real-time collaborative editing
7. Version history with temporal tables
8. Edge Function for embedding generation"
Issue: RLS policies blocking valid queries
Solution: Check policies with EXPLAIN to see applied policies. Use service role key for admin operations. Test policies in SQL editor with set role authenticated and set request.jwt.claim.sub = 'user-id'.
Issue: Real-time subscriptions not receiving updates Solution: Verify table has REPLICA IDENTITY configured. Check RLS policies allow SELECT on rows. Confirm real-time is enabled in Supabase dashboard. Use broadcast channels if PostgreSQL changes insufficient.
Issue: Edge Functions timing out Solution: Edge Functions have 60s limit. Optimize database queries. Use connection pooling. Move long-running tasks to background jobs. Check function logs in dashboard.
Issue: Type generation failing
Solution: Ensure PostgreSQL schema is valid. Check for circular foreign keys. Update Supabase CLI to latest. Use --local flag if working with local instance.
Issue: Storage upload fails Solution: Check bucket is created and RLS policies allow INSERT. Verify file size within limits. Check MIME type restrictions. Use service role for admin uploads.
Issue: Connection pool exhausted Solution: Use Supabase pooler (port 6543 instead of 5432). Implement connection caching. Close connections properly. Consider upgrading plan for more connections.
Show that Supabase Realtime Database Builder Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/supabase-realtime-database)Supabase Realtime Database Builder Skill side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Package trust, Source provenance).
| Field | Build full-stack apps on Supabase via @supabase/supabase-js: a hosted Postgres database with row-level security, realtime subscriptions over websockets, Auth, storage, Edge Functions for serverless logic, and pgvector for embeddings. Open dossier | Official Supabase Agent Skills for AI coding agents working with Supabase Database, Auth, Edge Functions, Realtime, Storage, Vectors, CLI, MCP, RLS, migrations, and Postgres performance. Open dossier | Analyze and optimize PostgreSQL queries for OLTP and OLAP workloads with AI-assisted performance tuning, indexing strategies, and execution plan analysis. Open dossier |
|---|---|---|---|
| Next steps | |||
| Trust | |||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified2025-10-16 | Package not verified | Package verified2025-10-16 |
| Source provenanceDiffers | Source-backed | Source-backed | No submission link |
| Submitter | — | — | — |
| Install risk | Review first | Review first | Low risk |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | ||
| Category | skills | skills | skills |
| Source | first-party | source-backed | first-party |
| Author | JSONbored | Supabase | JSONbored |
| Added | 2025-10-16 | 2026-06-18 | 2025-10-16 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — |
| Safety notes | ✓This skill installs @supabase/supabase-js, connects to a live Supabase project, and performs database writes, Auth, and storage operations; review generated mutations and configure row-level security before running against real data. Realtime subscriptions and Edge Functions are long-lived/server-side workers; account for their lifecycle, connection limits, and cost. | ✓The skills guide agents toward Supabase schema, auth, RLS, migration, MCP, and Postgres work that can affect real user data; generated SQL and policies need human review. The Supabase skill explicitly treats RLS, exposed schemas, service-role keys, JWT claims, views, storage policies, and SECURITY DEFINER functions as security-sensitive areas. Do not let an agent apply migrations or production SQL just because the skill suggests a workflow; run advisors, inspect generated SQL, and verify against the intended environment. The repository includes Supabase MCP configuration for docs-only MCP access. Project-scoped MCP or database access still needs proper authentication, least privilege, and review. | ✓Setup downloads/unzips a package, and the skill connects to your database to run EXPLAIN ANALYZE and create indexes; index builds and config changes can lock tables and affect production — test against a replica or staging first. |
| Privacy notes | ✓Requires a Supabase project URL and API keys; keep the service-role key server-only and never ship it to the client — expose only the anon key via NEXT_PUBLIC_. The app reads and writes user data and embeddings in your Supabase Postgres database; use row-level security so each user can only access their own rows. | ✓Supabase tasks can involve schemas, SQL, RLS policies, migrations, auth settings, JWT claims, storage paths, Edge Function code, logs, and customer data. Keep SUPABASE_ACCESS_TOKEN, service_role keys, database passwords, JWT secrets, project refs, connection strings, OAuth secrets, and private schema dumps out of prompts, screenshots, public PRs, and committed configs. When using Supabase MCP or CLI tools, the connected agent may see project metadata, database structure, logs, or SQL results depending on granted permissions. Docs-only MCP access is safer than project MCP access, but user queries and docs snippets can still be forwarded into the configured model provider. | ✓Query analysis can surface table/column names and sample row values from your database; keep connection strings and credentials in environment variables and review what plans/output you share. |
| Prerequisites |
|
|
|
| Install | | | |
| Config | — | — | — |
| Citations | |||
| Claim | Unclaimed | Unclaimed | Unclaimed |
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.