npm @supabase/ssr 0.12.0
v0.12.0
on Node.js NPM

one day ago

0.12.0 (2026-06-09)

Features

  • adds cookies.encode option allowing minimal cookie sizes (#126) (cf38b22)
  • bump cookie to 1.0.2 (#113) (b4a77b4)
  • cookies: add clearAuthCookiesAtScopes migration helper (#240) (4e47249)
  • full rewrite using getAll and setAll cookie methods (#1) (b6ae192)
  • improve cookie chunk handling via base64url+length encoding (#90) (6deb687)
  • pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)
  • publish SSR under deprecated auth-helpers package names (#127) (e8b6102)
  • release workflow RC versioning and publish reliability (#164) (81e68f4)
  • update CI so it runs on release as well (#33) (4517996)
  • update supabase-js to latest (#133) (d65044d)
  • update supabase-js to latest (#145) (08bf7d6)
  • upgrade cookie dependency and cleanup imports (#77) (9524528)

Bug Fixes

  • add @types/cookies to dependencies (#63) (47e5f16)
  • add create*Client string in x-client-info (#85) (f271acc)
  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • allow use of createBrowserClient without window present (#20) (27d868d)
  • auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)
  • check chunkedCookie is string in server client (#57) (549fe62)
  • ci: remove packageManager field (#197) (6bf0226)
  • cookies console warnings (#136) (64ff6b3)
  • deprecate parse, serialize exports for more useful functions (#14) (0b5f881)
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • fix createBrowserClient deprecation tsdoc (#17) (1df70ad)
  • force release (#98) (66710e8)
  • re-apply update CI so it runs on release as well (#49) (51d5a43)
  • release: pin npm to 11.5.2 so OIDC trusted publisher works (#249) (4af89f7)
  • remove optional dependencies (#41) (a48fe6f)
  • remove usage of internal type params (#123) (8f3e89e)
  • revert "update CI so it runs on release as well" (#44) (9d0e859)
  • revert: "feat: improve cookie chunk handling via base64url+length encoding (#90)" (#100) (2ea8e23)
  • set max-age default cookie option to 400 days (#54) (f4ed2e0)
  • set cookies for password recovery event (#32) (7dc1837)
  • set cookies when mfa challenge is verified (#27) (c217f53)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • update conventional commits ci to use main instead of master (#31) (bebce89)
  • update README session docs (#159) (b859905)
  • update type, remove unused imports, define AuthEvent type (#47) (4f4a375)
  • use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)
Check out latest releases or
releases around @supabase/ssr 0.12.0

Don't miss a new ssr release

NewReleases is sending notifications on new releases.

Get notifications