SupaShield

v0.2.1 | MIT License

Test your Supabase RLS policies

Catch Supabase RLS security vulnerabilities before they reach production.
Find permission bugs before your users do.

Quick Install

    npm install -g supashield

RLS Testing is Broken

Deployed with confidence, only to find users can see each other's data.

Data Leaks

RLS policies fail silently. One bug exposes all user data.

Compliance fines, customer churn

Manual Testing

Testing by hand doesn't scale. Complex logic breaks.

Hours wasted, bugs slip through

No Visibility

Deploy hoping policies work. No way to verify.

Deploy anxiety, uncertainty

Expensive Fixes

Production bugs need emergency hotfixes.

10x more expensive than catching early

How it works

Policy Testing

Test all CRUD operations against your RLS policies with different user roles.

Schema Discovery

Automatically finds your tables and generates test scenarios.

Real User Testing

Test with actual JWT claims to validate permissions work correctly.

CI Integration

Run tests in your deployment pipeline to catch issues early.

Example output

$ supashield test
Testing public.users:
anonymous_user:
SELECT: ALLOW (expected DENY) - FAIL
INSERT: DENY (expected DENY) - PASS
authenticated_user:
SELECT: ALLOW (expected ALLOW) - PASS
INSERT: DENY (expected ALLOW) - FAIL
2 passed, 2 failed
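
A CI gate built on the report above, as an added example (not SupaShield's own code): it parses the output and separates over-permissive results from over-restrictive ones, since only the former expose data. It assumes real output follows the layout of the sample on this page; parseReport, classify and exitCodeFor are hypothetical helper names.

```javascript
// Constructed sample: the `supashield test` output shown on this page.
const SAMPLE = `Testing public.users:
anonymous_user:
SELECT: ALLOW (expected DENY) - FAIL
INSERT: DENY (expected DENY) - PASS
authenticated_user:
SELECT: ALLOW (expected ALLOW) - PASS
INSERT: DENY (expected ALLOW) - FAIL
2 passed, 2 failed`;

const OP = /^(SELECT|INSERT|UPDATE|DELETE):\s+(ALLOW|DENY)\s+\(expected\s+(ALLOW|DENY)\)\s+-\s+(PASS|FAIL)$/;

// One record per (table, role, operation). Assumes the layout above; UPDATE and
// DELETE labels are assumed by analogy. Unrecognised lines are ignored.
function parseReport(text) {
  const checks = [];
  let table = null, role = null, m;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if ((m = /^Testing\s+(\S+):$/.exec(line))) { table = m[1]; role = null; }
    else if ((m = OP.exec(line))) checks.push({ table, role, op: m[1], actual: m[2], expected: m[3] });
    else if ((m = /^([\w.@-]+):$/.exec(line))) role = m[1];
  }
  return checks;
}

// Recompute the verdict from actual vs expected instead of trusting the label.
// leak = access granted that should be refused; breakage = legitimate access refused.
function classify(checks) {
  const leaks = [], breakages = [];
  for (const c of checks) {
    if (c.actual !== c.expected) (c.actual === 'ALLOW' ? leaks : breakages).push(c);
  }
  return { leaks, breakages };
}

// CI exit code: 2 = data exposure, 1 = legitimate access broken, 0 = clean.
// A report with no checks also fails, so an empty or reformatted run cannot pass.
function exitCodeFor(text) {
  const checks = parseReport(text);
  if (checks.length === 0) return 1;
  const { leaks, breakages } = classify(checks);
  return leaks.length ? 2 : breakages.length ? 1 : 0;
}

const { leaks, breakages } = classify(parseReport(SAMPLE));
for (const c of leaks) console.log(`LEAK  ${c.table} ${c.role} ${c.op}`);
for (const c of breakages) console.log(`BREAK ${c.table} ${c.role} ${c.op}`);
console.log('exit code:', exitCodeFor(SAMPLE));
```

In the sample, the anonymous SELECT on public.users is the leak and the authenticated INSERT is the breakage, so the gate returns 2.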

Installation

Install globally with npm:

    npm install -g supashield

Usage

Scan for common RLS security issues:

    supashield audit

Generate RLS coverage report:

    supashield coverage

Discover tables and storage buckets:

    supashield init

Test all table RLS policies:

    supashield test

Test storage bucket RLS policies:

    supashield test-storage

Test specific table:

    supashield test --table public.users

Test with real user:

    supashield test --as-user admin@company.com

Save current RLS policy state:

    supashield snapshot

Compare current state vs snapshot:

    supashield diff

List users from auth.users for testing:

    supashield users

Export tests to pgTAP format:

    supashield export-pgtap -o tests.sql