@supabase/supabase-js 2.58.1-canary.0 on Node.js NPM

2.58.1-canary.0 (2025-10-01)

🚀 Features

support OR filter (156dd198)
Transition to TypeScript (7bab0ca2)
creates a basic client (6328688e)
remove unused packages (0a751d56)
adds docs (dcf23545)
adds Subscriptions (6fe87dbe)
create Forgot password feature (377b5036)
create Remember me feature (0ce25074)
implement on_conflict (#113)
allow filters and transforms on insert (98d759a3)
refactor the library with additional exports (650170d1)
documents release of client.user(), client.session(), and client.refreshSession() (23ffc6e7)
Add magic link api method and sign in. (#19)
adds inviteUserByEmail for api users (b4ef615b)
add export of types for downstream use (1a56332b)
Allow Prefer: return=minimal for C(R)UD (#133)
add vertical filtering on CUD (a2f2c394)
Add Next.js & Express cookie helpers. (#33)
Adding head and count option on select(), insert(), update(), delete(), and rpc() (#147)
Give the ability for developers to redirect their users to a specified URL after they are logged in. (80863a5b)
support embedded or filter (#160)
support multiple column order (#162)
OAuth providers can now be supplied scopes (e3a64040)
rename filters (0c303bab)
make UPSERT its own function (8f4875d5)
release v1.12.7 (28b977a9)
implement storage-api docker for testing (2960395b)
create github test action (b16f6843)
release v1.0.0 (64ea6224)
update JSDoc with return doc (41ef1a29)
delete user (4a54632a)
allow twitter profile (04b5f834)
adds csv() function (2c205aa0)
Added basic tests (8775930d)
Added public option to createBucket method (a1eb6701)
Create maybeSingle() function (#184)
Implement unwrap() to throw query errors instead of returning them (#188, #92, #604)
export error and response types (db3a70b4)
add ignoreDuplicates option to upsert (e781bc1a)
trigger release for exporting Options type (adef7340)
#5 support server side storage upload (#5)
#5 document Buffer and NodeJS.ReadableStream support (#5)
adds generateLink api method (2f3301a9)
adds sign up + sign in with mobile/password and mobile OTP (44115fb6)
add cookie options to the jsdocs params (c7d35fbc)
allow clients to provide an hcaptcha response token (ae06fced)
support HEAD for RPC (#215)
support setting AbortSignal (9eea347e)
update transformers to accept already transformed walrus changes (#107)
adds spotify and slack providers (84b305a8)
createUser() (32ec2288)
allow providing custom fetch implementation (27809a8d)
allow providing custom fetch implementation (a6644828)
allow providing custom fetch implementation (#24)
push access token to every channel during heartbeat (9f99a816)
support for custom prefer headers #243 (#243)
add createSignedUrls method (#32)
support setting throwOnError at the client level (9c09ee08)
publish to npm (6e48312d)
add presence (3837bc36)
distinguish relay and function errors (672b58fa)
add generic parameter to invoke and make headers optional in constructor (a02e6a1c)
export RealtimeChannel (45051d56)
add on bindings to subscribe (e1b1b57f)
add search param to list function (#56)
use channel or subscription depending on versionDate (1feb707a)
added async getSession method (60129091)
add getUser method (8dfdeb42)
remove deprecated functions (d45685b3)
Merge pull request #304 from supabase/km/refactor-sign-in (#304)
add geojson transform (86ed6033)
add explain transform (ac8513a5)
add new API for Broadcast and Presence (3b050948)
return this for RealtimeChannel on and off methods (02b3e238)
move presence callbacks from client to channel (4eea6079)
remove channel track and untrack helper methods (dfa1d655)
return promise on channel send (f079d84a)
generate release (f5e86e3e)
generate release (3b445c6f)
remove channel list helper method (c5af7824)
⚠️ obsolete deprecated features (71ca436d)
⚠️ Prefer: return=minimal by default (2963d880)
⚠️ use undefined as bottom value instead of null (b50176e8)
⚠️ improved typings (2c2fdb4b)
⚠️ omit .nullsfirst/.nullslast by default (378471cf)
remove channel send method (a6773903)
change presence_id to presence_ref (376c05a5)
send configs payload on subscribing (e7aade87)
add default configs for broadcast, presence, and db changes (ddcc9bba)
nest defaults under configs key (f2fa62cc)
refactor returns types to always return data (d83cb113)
remove client-level throwOnError (ce71fe0d)
obsolete PostgrestClient.auth() (3928b998)
remove all cookie related methods (b721f8ea)
new invoke syntax (1944bce6)
add rollback parameter to mutations and rpc (771f7ecf)
move helper methods from supabase-js (8405ac09)
rename GoTrueApi to GoTrueAdminApi (a9296c12)
add simple throttle for Broadcast and Presence (9b5c7320)
⚠️ Release V2 RC (1977ec27)
⚠️ Release V2 RC (42a2adc1)
⚠️ Release V2 RC (a937a18b)
⚠️ Release V2 RC (058867c3)
add text format to explain() (#301)
add channel config type and enums (77dcc44e)
return channel instance in subscribe call (8d52d937)
move rollback to a method (598164e2)
initial MFA stubs (929112a2)
add more method implementations (b9d7102e)
start adding admin mfa bindings (e550047d)
add basic test and testing core (e7481afa)
few simple tests to validate auth header and custom fetch (b30a588f)
add few headers and body tests (5c8c9670)
move to jest (b515cacf)
add blob arrayBuf and queryString tests (262fa3c7)
add hijack test (913f98b0)
add getAMR and getAAL (191fb56d)
add provider refresh token (63296eb2)
update setSession (04740ce3)
revert to null in response (a7aa83c9)
add setSession support for a SSR context (c0c046fb)
⚠️ Release V2 (#114, #60, #63, #62, #82, #83, #85, #59, #80, #84, #78, #6, #99, #98, #102, #104, #106, #110, #112, #113, #107)
allow overriding result types (0b00be62)
export Postgres Changes insert, update, delete, and filter types (61ccbc58)
add challengeAndVerify (a3502a95)
add signInWithSSO method as @experimental (#526)
disallow setSession loophole (#536, #490)
support pagination options for listUsers() method (#537)
image transformation (#128, #129)
return pagination data for the listUsers() method (#544, #537)
update Presence type to accept optional generic (26f31b78)
add comments to types (898a57bb)
pop implicit flow URL from back stack (#574, #302)
format option for webp support (#142)
support ->/->> for column names (01ab2392)
target ES2017 in tsconfig (#391)
quality option, image transformation (#145)
setSession triggers SIGNED_IN event (#581)
add skipBrowserRedirect option to signInWithOAuth (#575, #417)
add new auto refresh token algorithm (#564)
disable throttle with negative eventsPerSecond number (#222)
add arg descriptions to channel .on to display in Supabase docs (00feb036)
move broadcast type channel .on last to display in Supabase docs (f0573f9a)
add multi-tab state change notifications (#566)
add experimental signInWithIdToken for Apple, Google (#603)
add enhanced localStorage support check (#600, #436)
new release (0c969e05)
add support for whatsapp programmable messaging API (#616)
trap errors when BroadcastChannel is not supported (#626)
allow consumers to pass presence state types to channel.presenceState (#224)
make certain properties in UserIdentity nullable (#619)
invoke callback on onAuthStateChange (#627, #313)
add pkce (#591)
Support for double-quoted identifiers in queries (#415)
dont fire SIGNED_IN event on PASSWORD_RECOVERY (#629)
remove experimental from signInWithSSO, update docs (#643)
refactor signInWithSSO types to work with docs (#644)
custom file size limit and mime types at bucket level (#151)
use Deno.unrefTimer to stop runtime from hanging (#632, #617)
signed upload url (#158)
add pkce magic link bindings (#656, #652)
revert use Deno.unrefTimer to stop runtime from hanging (#659, #632)
drop window prefix (#660)
bulk inserts/upserts w/ column defaults (ba110541)
add pkce option to signup (#661)
increase auto refresh tick duration to 30s from 10s (#651)
add resend method (#631)
remove code param (#672)
keep expired session on initialization (#598)
update tsdoc (#687, #13820)
change location of evaluation (#703, #700)
add async/await support for onAuthStateChange callbacks (#685, #276)
return messageId when using otp (#706)
_recoverAndRefresh does not remove session on retryable error (#710)
refactor _handleRequest (#708)
no persist of session with no changes in _recoverAndRefresh (#711)
add debug messages and configuration (#712)
use <= for auto refresh token threshold (#716)
complete OIDC support for Apple, Google and others (#690)
Add 'kakao' to Provider type (#720)
add signOut() scope option (#713)
bump typescript target to ES2017 (#729)
refactor to _useSession semantics (#726)
revert _useSession semantics for unknown issue (#732, #726)
refactor to _useSession semantics (#734, #726, #732)
add _acquireLock and navigatorLock (#736, #734)
fix stack guard issues with Safari (#743)
refactor _getSessionFromURL to be easier to read (#733)
add dynamic schema to postgrest client (1c9cac80)
remove stack guards, lock on external calls (#757)
acquire lock around visibility change callback (#764)
add updateUser (email_change) bindings for pkce (#665)
navigatorLock check for spec compatibility (#761)
parse expires_at if present (#735, #733)
allow customizing the debug log function (#785)
provide default storage when persistSession is false or localStorage is not supported (#774)
acquire locks around mfa methods (#788, #736)
send messages via broadcast endpoint (#251)
pkce challenge support in React Native with Segment (#772)
add linkedin oidc type (#796)
add SSO PKCE (#707)
detect one-to-one relationships (4951f54c)
move from websocket to ws and support native browser WebSocket API (#263)
call SIGNED_OUT event if token refresh fails (#815)
add AuthWeakPasswordError (#817)
add identity linking methods (#814)
return weakPassword information after sign-in (#824)
add regional calls in the functions library (685176be)
default to navigatorLock on browsers (#807)
warn use of getSession() when isServer on storage (#846)
explicit cache: no-store in fetch (#847)
dedup values passed to PostgrestFilterBuilder.in (#517)
add support for type casting (id::text) (#429)
query parser: handle empty embedded resources () (#445)
query parser: add types for count (#498, #447, #479)
add method for anonymous sign-in (#858)
add support for error codes (#855)
typecheck table names in .from() (#528)
.rpc() with GET (cf20ecbc)
add Edge Runtime global types (df6de8f2)
move and copy objects across buckets (#197)
remove cache: no-store as it breaks cloudflare (#886)
signed upload URL upsert (#199)
configure to publish to JSR (#82)
Release Realtime 2.10.0 (#409)
allow setting headers on a per-call basis (2f063886)
add bindings for Multi-Factor Authentication (Phone) (#932)
custom-metadata, exists, info methods (#207)
remove session, emit SIGNED_OUT when JWT session_id is invalid (#905)
add kakao to sign in with ID token (#845)
write select-query-parser v2 (6cfc133d)
make new select-query-parser available under next flag (f659f528)
handle select over RPC calls (975b872c)
add process lock for optional use in non-browser environments (React Native) (#977)
Implement token callback; fix CI testing (#439)
wrap navigator.locks.request with plain promise to help zone.js (#989, #830)
add abort signal option to invoke function (45bcc644)
consider session expired with margin on getSession() without auto refresh (#1027)
introduce getClaims method to verify asymmetric JWTs (#1030)
add signInWithWeb3 with solana (#1037)
validate uuid and sign out scope parameters to functions (#1063)
add max-affected method (da4ee9b8)
handle options declaration within Database (1c7ad73b)
add maxAffected for rpc calls (c8e9bf77)
introduce experimental split user and session storage (#1023)
use dedicated storage host for storage lib (allows >50GB uploads) (840ed46c)
Presence enabled flag on join payload (#496)
managing iceberg buckets (#231)
bucket type (#233)
make getClaims() non experimental, add global cache (#1078)
remove solana dependency by inlining types (#1079, #1076)
fallback to getUser() if the kid of the JWT is not found (#1080)
add sign in with ethereum to signInWithWeb3 (#1082)
make apikey mandatory; improve stability and readability of code (#502)
replace isows with native WebSocket factory (#509)
readability changes and stability (#510)
list-v2 endpoint (e445f02a)
add support for .throwOnError() (#250)
implement linkIdentity for oidc / native sign-in (#1096)
mfa with webauthn support (#1118)
filters: likeAllOf, likeAnyOf, ilikeAllOf, ilikeAnyOf (a5600ee5)
release: temp run on branch (8b3e32fe)
repo: merge main from git@github.com:supabase/storage-js.git (53f7211f)
repo: merge master from git@github.com:supabase/postgrest-js.git (3bd01044)
repo: merge master from git@github.com:supabase/realtime-js.git (4f4e72b9)
repo: merge main from git@github.com:supabase/functions-js.git (2d16a08e)
repo: merge master from git@github.com:supabase/auth-js.git (e1107521)
types: replace Required/Optional/Readonly w/ Row/Insert/Update (ed1c2696)
types: fallback columns to string & values to unknown (dd4dc91c)
types: support views (527b7ada)
types: export PostgrestResponseSuccess and PostgrestResponseFailure (#396)
types: determine relationship cardinality (55ceb0a8)
types: add jsonpath parser (82c07c51)
types: allow jsonpath selector types overrides (7a791f65)
types: add overrideTypes method (a7c0ee87)
types: add ClientOptions to handle multi postgrest versions (99385482)

🩹 Fixes

multischema RPC Content-Profile header (b4d98a0f)
replace % with * in or filter (a0bc38fc)
proper usage of isomorphic URL (17c010f7)
change fetch polyfill (#109)
removes dotenv which will should be handled by the user of this library (4e888b76)
don't mutate PostgrestClient.headers (3dbc55bc)
async storage class (22d9b0fd)
LocalStorage class implements Storage (90dc0abd)
save the user when the libary is loaded (f18539e1)
sets current user on sign up and sign in (f3d7ae19)
recovers user from local storage on init (23022b29)
adds test for current user (730596c2)
moves type to prod dependencies since it is imported into projects (5042996c)
returns meaningful errors (ec4cd86e)
turns out that GoTrue doesn't have a consistent error format. Adding another possible variation (8c357d25)
removes stray console log (af2f2f2c)
(hopefully the last). Errors don't need to be recreated since they bubble up as full errors (288edfbb)
disconnect callback should be optional (83da0f14)
instructions to disconnect the socket (ec736ea1)
Typescript not picking up the latest changes. Adds some jsdoc to trigger a new deploy (dffeed56)
adds a return type to disconnect() (e87bce52)
migrates all exports over to the proper naming conventions (62998b95)
renames types to be more consistent across all of our libraries (eb8a17ed)
broken import (91177822)
rolls back the 2.0.0 release (a88affdf)
adds PostgREST types to responses (97c40699)
add notes for v1.6.1 (550994ca)
Simplify user and session methods. (#20)
ordering on JSON columns (a1da7fe0)
tsc output for types (0de76d62)
push release for React Native (9fa3de43)
Fire signed in event on recoverSession. (f9adae4e)
Automatically recover expired sessions. (fff851b4)
don't error if process is undefined (ae228d6a)
fire PASSWORD_RECOVERY auth event (236b745d)
adds missing error on PostgrestSingleResponseSuccess (ba476695)
#38 & fix: #41 (#38, #41)
force release (#50)
supabase/supabase#492 (f5a997b2)
supabase/supabase#492 (182ea2d2)
#153 Adds link to our docs (#153)
#45 (#45)
remove quoting of names (#131, #149)
removes redirectTo from UserCredentials (7bf67d73)
#66. Missing redirects on some routes (#66)
rpc method (#156)
Convert PostgrestError to a type (#159)
broken error in test (d610aa73)
handle postgrest special characters in filters (a423ed89)
only need to quote (), for values (b99ff1b8)
update session userData and save to storage (d4db683d)
#52 - documents the "expires_in" field (#52)
call token refreshing with arrow function (04d7b389)
create refreshTokenTimer to manage refresh token (cbae349c)
saveSession and auto trigger refresh token (4b99693d)
recover and refresh token on startup (f9c1fa52)
clear refreshTokenTimer on session remove (72e7aa29)
unit test by replacing inbucket image with a custom one (ac6d43d6)
signIn() with the wrong password unit test message check (7c3fe20f)
update snapshot (9b88176a)
client signOut doesn't trigger api.signOut #73 (#73)
include src for source maps (f6207aee)
include src for source maps (82f3e24a)
include src for source maps (fa8c193b)
bumps websocket to make it isomorphic (ca7fc7b5)
#83 (#83)
large influx of messages prevents heartbeat reply (c05d05d6)
infra docker config (a4cc19fa)
test scripts (dc5ad121)
update storage api to v0.2.1 (466d7bb7)
create new bucket test (cb828217)
unit test (a2469eba)
#1 adds automations for releases (#1)
missing ./src/index.ts #3 (#3)
missing release branch (0cf6dbbf)
npm access public (23d51a9d)
create bucket return newly created bucket id instead of bucket object (569296c0)
session not recovering in React Native #76 (#76)
Secure cookies when development with a vhost (f0853e8e)
#34 (#34)
include columns param on bulk INSERT (b4ff9df8)
rename method name (62d49e4e)
removes the removeUser method from the client (cf2dad49)
cacheControl header when uploading (38395d32)
notify subscribers when setting session (bfd3abaa)
/invite API (inviteUserByEmail) returns a User (31cfd19f)
globalThis polyfill for Mobile Safari <= 12.0 (7edfc940)
insert w/ empty body can't have columns param (9a21405a)
docs for upload and update object (807c0384)
#65 sends redirect in query param instead of referer header (#65)
add Apple as Provider in types (0e620344)
trigger new patch version (b77683ad)
return the full URL in both places (3750fb25)
supabase/supabase#1915 encode query string parameter values (#1915)
change match's value type to unknown (691ae748)
refreshTokenTimer blocks node event loop exit (#99)
supabase/supabase-js#178 handle JWT expiry <= 60s (#178)
csv bug and type error (1d12edc3)
tests and trigger release (6543da03)
add discord provider (c6bb88e3)
Added call back on 'otherEvent' to check if ignoredSpy is not called (71840e8b)
trigger release for exporting Options type fix (61904365)
added 'twitch' to Providers (96e5e310)
existing tests (6cd2d64d)
updates confirmed_at to email_confirmed_at (d9eec88f)
moves tests to not use snapshot (0711f4d9)
var to const (8f2842b0)
magicLink -> magiclink (a5f1fbc3)
Close open handles to allow testing without --exit flag (#99)
escape columns in columns query param (0ddf7820)
set default X-Client-Info and trigger release (55313e6e)
maybeSingle: Avoid uncaught promise rejection (#210)
adds X-Client-Info header (#104)
adds X-Client-Info header (f2d47b07)
require was breaking some builds (abff0171)
#241 (#241)
add semantic-release-plugin-update-version-in-files to devDependencies (999dd68f)
typo (b0967569)
catch network errors (f2624c95)
as per #129 (#129)
supabase/supabase#2497 prevent empty results when selecting folder(s) in one bucket that match an object name in another bucket (#23, #2497)
include negated operators in FilterOperator type (d8c886a6)
update node versions in ci, docs, release yml files (#110)
error parsing JSON when transforming array data types (8e36fddd)
semantic release now requires node 14 (0a261c4a)
test isnt accurate (a777ddfa)
release error (#25)
#175 return token from cookie helper (#175)
exports ApiError (85acdf99)
Removes deprecated data for session (886ee424)
docs build (52b04b6b)
add typescript mapping for identities type (787d7755)
add a new TOKEN_REFRESHED event (1ccb10e9)
supabase/auth-js#184 (07bca4e6)
push access token only to joined channels (a2dc5737)
only push tokens to joined channels (78f9f9b7)
add back heartbeat message push (785eae91)
update channel join payload for successful reconnect (77d4a952)
send magiclink should use otp endpoint (26b15514)
add no signup param for otp endpoints (eac5e685)
Fetch method can't handle error response that is not a valid JSON (#242)
force client to listen to unique subscriptions (4fc05f8c)
'\1' -> '' and '//' -> /+ (bdd42d55)
Merge pull request #128 from supabase/da/hcaptcha-support (#128)
release v1.22.1 (1de8f6ec)
bump to v1.22.1 (10c68bce)
calc expiresAt before returning verifyMobileOtp (074e55a3)
use custom fetch if provided for upload (a3d702ea)
correct backquote placement (a66d9c72)
set heartbeat ref to null on incoming message (43a2e2ce)
persist session if user is null. (bb7abdaa)
return whole URLs from createSignedUrls() instead of just paths (45753731)
prefer global fetch to cross-fetch (76fc7da3)
prefer global fetch over cross-fetch (5bc6a79b)
illegal invocation on fetch (112208b2)
illegal invocation on fetch (96ed5848)
prefer global fetch to cross-fetch (f6f65f5b)
properly default shouldCreateUser flag (94221d67)
Merge pull request #244 from fspijkerman/feat/keycloak-provider (#244)
add phone field to user attr (b60fd91d)
verify email otp to verifyOTP (13bfb641)
mark verifyMobileOTP as deprecated & update verifyOTP (60d02ff5)
trigger a release (36113226)
update package name (4c9daa82)
package name (799d8b00)
npm package can be public (79885af1)
add warning msg if redirect_to is used for non-oauth sign-ups/sign-ins (8c61d8f2)
trigger release (d1190354)
update typedoc for responseType (145e9c01)
illegal invocation (4617ef75)
parse error as text (b940eaa0)
resolving custom fetch (f2414ab9)
change license to MIT (b16f7e68)
update redirectURL type docs (d034650f)
typo (afe323e0)
fetch type (71315e57)
put all optional params in an object (ed644701)
default invoke T (f6c5b59a)
invoke resp type (a31293cb)
move @types/* to devDependencies (5f0e4230)
name (ab51543b)
w3cwebsocket typings (3e3d4238)
include @types/phoenix as dependencies (3876b7a5)
types in package.json (69eb92e8)
types in package.json (dc3462d8)
types in package.json (c2c28f2a)
types in package.json (0cb6ad85)
types in package.json (c25c3f80)
setAuth should not set user to null (97f2de50)
add RealtimeChannel (826bfb36)
update RealtimeClient to support RealtimeChannel (a6832c81)
add phone_change otp type (062cf778)
update RealtimeChannel .on method args (ffb71a30)
update Push to enable RealtimeChannel (bd8ad723)
remove lodash clonedeep and isequal (67d1612e)
update eventFilter type (85ec5168)
FunctionsClient constructor default options (b9600c2c)
return headers default value (3adbfb84)
update logic that sets versionDate in RealtimeClient instance (c0829314)
notify all subscribers when calling setAuth (b3c584ed)
remove URL instance with vsndate from params (60bd7226)
token refresh retry offline + recover on visible (#278)
Minor typo fix just because I found it... (5211b63e)
Add new fields on User type (bc3b18f8)
change var passed in (f691c399)
make throwOnError work with maybeSingle (#272)
ignore no-extra-semi (b3242b30)
getSession() read from localStorage every time (e7d56536)
destructure currentSession from persistedSession (9a07c580)
makes setAuth work with inMemorySession (e9035b5b)
typo in updateBucket jsdoc (f746d89e)
allow custom storage key in localstorage (c53404b4)
import cross-fetch conditionally (4fca88ae)
import cross-fetch conditionally (49b29f15)
import cross-fetch conditionally (472214ad)
import cross-fetch conditionally (ab3c8d75)
es2020 (6a8a28a8)
es2020 (fad8e160)
es2020 (984c9d19)
es2020 (1af723ce)
rename captcha field (7dd47274)
resolve channel send when time out (cc8b09b5)
only saveSession when persistSession is true (edb8a26b)
add config for sign in endpoints (f270f201)
refreshSession should take in an optional refreshToken (fe48fe69)
make types tighter (2bd4b4e8)
resolve & reset deferred upon refresh error (88157d08)
add AuthResponse type (6b2ef5a0)
properly handle non AuthError's (da46433e)
clean up signInWithOAuth types (b5d73411)
clean up signInWithOAuth types (bb881e0a)
add custom error classes (887377e8)
remove RealtimeChannel and RealtimePresence (49c4e904)
rename main release branch (#84)
remove unnecessary notify events (55273f2d)
remove multitab stuff (b59d0b3d)
return push instance on channel send (641fc60b)
wrong usage of FilterOperator (b9f50198)
typo in auth cookie error (89eaa479)
default current presences to empty array (d2b65dc0)
remove _recoverSession (2b2cf3b7)
add email change types to generateLink (7b3990f4)
cleanup localStorage session format (957e5d41)
generate realtime config via filter and map methods (d9f02fea)
prevent channel configs completely overwrite (d6ff1e6b)
fix ts error introduced with prettier changes (363cda8d)
correct typo (4aa4399b)
rename localstorage to storage (69023e53)
export errors (10b0dbd3)
allow arbitrary string on .from() (c3309b1a)
fixes exponential backoff upon token refresh (aff1d741)
refactor user methods (826e37f4)
guard blob and FormData (3d1ebf00)
add content type headers only if func args are set (09ca2735)
pass postgres changes to getPayloadRecords (6dcf1baf)
remove duplicated methods in GoTrueApi (c23871ed)
refactor update method (4fd63123)
revert invoke function signature (0dfe35e1)
move resetPasswordForEmail and refreshAccessToken to GoTrueClient (6cb28759)
typedocs (#32)
signInWithPassword should send sign-in event (cb7d3227)
getUser should accept jwt (b076575c)
verifyOTP should send session (a45b9e77)
typedocs docs (7741bd05)
cleanup type docs (add308d7)
send headers on all requests (d236ca8e)
enable compatibility with single tenant Realtime (4c2879ca)
wait for _getSessionFromUrl (999afd12)
await getSessionFromUrl in _recoverAndRefresh (711ede80)
await _saveSession and _removeSession (24547622)
only remove session when there is an invalid one (3f6c4027)
don't throw errors in constructor (f2a6ab14)
distinguish between malformed urls and errors (7c4d838d)
validate error callback urls (16395d93)
fix broken test (b841fe86)
_getSessionFromUrl() test (b44b9c4b)
change channel configs to config (e86f95f4)
move isBrowser localStorage check (93722840)
move options into verifyOtp params (ab8c2201)
onAuthStateChange returns data object (47b321e6)
update types for generateLink (4c2d5b59)
make types tigher for generateLink (abcae8bf)
keep second channel with same topic open on rapid re-subscribe (ddff7c33)
missing src in package (4280f01d)
handle custom fetch response in error handler (7ba20341)
add ban_duration (59a3e1aa)
add initial enroll and challenge implementations (5fbc3e31)
change types to return appropriate signatures (e5fcdff5)
use snake_case in req body keys (26f80d3e)
change enroll params to snake case (78a4f249)
mfa verify should update current session (a8d7ce95)
add option to pass in data (d0aca029)
update default value from totp -> TOTP (075e0825)
update corresponding type for TOTP (d9ca572a)
allure generate command (12d8c510)
default invoke type cange to json (afd0aece)
upd to latest constructor signature (8275c85b)
format in hello spec (0bb7d003)
readme command test reports (50e8215f)
keep second channel with same topic open on rapid re-subscribe (aaba048c)
update getAAL and getAMR methods (1182b5c8)
use current session in _startAutoRefreshToken callback (bd30e666)
throw AuthRetryableFetchError on network errors only (0f3d60c6)
send application/json in Content-Type header (#429)
change setSession to take in an access token (d4271ea8)
getUser should default to authorization header (70a5c652)
return provider refresh token (71f2e342)
change setSession to take in an object (0b3a5fb5)
merge rc into mfa (1c0b2db9)
gitignore only v2 docs (c18961f4)
bump version (62ab32cd)
refreshSession() test (d422dcea)
tidy up tab issue in unrelated code (a145f2ea)
eof newline (cb12e5f4)
improve realtime postgres changes types (1e07e6f9)
remove access token and jwt code (25f6e335)
update getAuthenticatorAssuranceLevel (02a8c575)
listFactors should use getUser (31563201)
spelling (c5b0d7d6)
add forgotten data option for sign ins (baefbca5)
mfa challenge and verify (d4ae41a5)
remove xform methods (30627199)
use captcha_token in verifyOtp (#525)
decode base64 to UTF8. (#528)
revert "fix: respect EXPIRY_MARGIN on getSession" (#533, #482, #529)
signout should remove session if user doesn't exist (#541, #540, #520)
mark captchaToken option on verifyOtp deprecated (#532, #795)
drop experimental MFA tag (#547)
setSession is in broken state after v2.4.0 (#548)
update mfa methods (#551)
update tsdocs (#559)
wrong response on update w/o match (9b1eacbd)
mfa admin list factors (#562)
remove comments about calling getUser() in listFactors() (#570)
update format for type comments (9e816fee)
use location.assign() instead of location.href (#573, #155)
update docs for public url (#141)
add status property to AuthError (#580)
update to node 18 (#582)
upgrade node version CI (#143)
run npm audit fix (#144)
add soft delete option in deleteUser (#587)
decodeBase64URL compatibility (#586)
revert pop implicit flow URL from back stack (#596, #574)
use unref on setInterval to stop tests from hanging (#599, #564, #597)
rpc return type (7344a8d9)
use null if return=minimal (c6c49b8e)
add missing new_phone property (#609)
add emailRedirectTo option to updateUser (#610)
remove data property from AdminUserAttributes (#612)
prettify intersected types when selecting multiple columns (#399, #398)
unhandled promise error when response has invalid json format (7e3fa50b)
defer notifyAllSubscribers in the constructor (#623)
update package-lock.json (5ded1c13)
pkce does not generate truly random values in a browser (#636)
remove async from generatePKCEVerifier and fix parameter of _handleProviderSignIn (#638)
remove crypto-js (#641)
add email as a verification type (#642)
move channel parameter from sign in to sign up (#647)
update package-lock.json (#237)
_isPKCEFlow is not being awaited (#653)
remove oauth flow type (#655, #654)
upgrade deps (12ac9dca)
allow null on bucket constraints (#160)
check for Deno (#658)
use ?columns= on upsert (e9615e45)
signOut should remove any unused code verifier (#664)
default to plain code challenge method if crypto API is undefined (#663)
populate details on FetchError (39e8a1b1)
partial fix for maybeSingle logging 406s (4cb2b70c)
add reauthenticate method (#688, #258)
update resend types (#691)
return warning if persistSession is true with no storage option (#697, #539)
verifyOtp should not removeSession for phone_change & email_change (#698, #696)
add log_level to RealtimeClientOptions type (a9214b92)
return SelectQueryError when referencing missing columns (#436)
replace super with this inside FunctionsError constructor (0c7cfa98)
add emailRedirectTo option to resend method (#724)
type error when ordering on json[b] columns (b957514d)
don't remove session in resend (#717)
add figma provider (#723)
add verify token hash (#722)
always wait for _initialize before loading the session (#747)
better defined localStorage support for debug (#753, #752)
set initial access token (#245)
use @supabase/node-fetch (46bc826b)
use @supabase/node-fetch (e2bf9c85)
use @supabase/node-fetch (794f8a0f)
use @supabase/node-fetch (#763)
revert using @supabase/node-fetch (099c897b)
trigger release (e0396f1f)
revert using @supabase/node-fetch (#765)
use @supabase/node-fetch (02d97a2e)
use @supabase/node-fetch (#776)
use @supabase/node-fetch (f98b90f9)
use @supabase/node-fetch (6103f0e2)
expose role in admin user type (#790)
typo (#786)
detection of maybeSingle (#2876)
Enrich send function arguments (a75e4bac)
remove rate limiter (52d9bd4f)
Export CHANNEL_STATES from RealtimeChannel (#262)
Add missing on overload for Broadcasts (#261)
explain() always returning an error (3837ff55)
release for Return ID and full path of uploaded file (#187)
add password recoery flow support for pkce (#813)
weak password error runtime type checks (#819)
Type error on code exchange when no item in storage (#825)
replace ws require with import (#267, #269)
Emit password recovery event from verifyOtp when otp type is recovery (#829)
add link on how to enable explain on the explain() method (#507)
channel.send via rest api (#273)
move @types/ws to dependencies (e2b6eec2)
Ensure thrown errors have a stack trace (#502)
upgrade to node 20 (#839)
set region on invoke and in constructor (28d1191e)
remove data type (#848, #811)
refactor all pkce code into a single method (#860)
trigger semantic release & export type FunctionRegion (6fc2b193)
getUser returns null if there is no session (#876)
ignore undefined args when using rpc with head/get (2060aa37)
rpc w/ HEAD/GET w/ array param (cf9bdc70)
accept error message from server when tracking Presence (52b54157)
implement exponential back off on the retries of _refreshAccessToken method (#869)
use Supabase namespace for non-std Supabase APIs (dd6e6f3e)
update session warning (#879, #873)
check for access token in header (#882)
revert check for access token in header (#885, #882)
return error if missing session or missing custom auth header (#891)
remove babel dev dependencies (#293)
signOut should ignore 403s (#894)
suppress getSession warning whenever _saveSession is called (#895)
limit proxy session warning to once per client instance (#900)
jsr publish write permissions. (#83)
allow wirting to issues. (#84)
use proper dual-packaging (47d57ae9)
detect !inner in one-to-one relationships (#530)
don't call removeSession prematurely (#915, #854, #853, #904)
bump node version in ci (#201)
patch release workflow (#922, #921)
type errors in verifyOtp (#918)
Reland ESM fix (#540)
Bump WS dependency due to CVE (#410)
esm typings (#547)
Close fetch response on HTTP broadcast sent (#412)
Update dependencies (#413)
imports not working w/ Metro bundler (2dfba809)
Broadcast endpoint includes private param in request body (#414)
add openai compatible types. (#88)
update types (#930)
ambient module declaration. (71f9bdab)
move docker compose to v2 (#940)
Correct typo in GoTrueClient warning message (#938)
don't throw error in exchangeCodeForSession (#946, #782, #945)
Add type to system messages (#422)
Remove Module type from package.json (#425)
improve mfa.enroll return types (#956)
remove phone mfa deletion, match on error codes (#963)
prettier (7cd3b7b4)
export PostgresError as a class (#555)
make oneToOne optional (319749e7)
update GenericTable usage to work with views (239af1a1)
make hinting relationships use name as well as hint to avoid duplicates (c560bf1d)
rpc procedures call (5fc34bfe)
inner join on many relationship (55abc138)
metadata ordering on multipart form/data (#211)
errors with relationships duplicates (a8efa8cd)
move MFA sub types to internal file (#964, #956)
Add Web Workers as a way to run health check (#431)
self-referencing relation corner case (7c3c9faa)
Call SIGNED_OUT event where session is removed (#854, #853)
hint matching (6b19156a)
use class PostgrestError instead of type PostgrestError (#562)
update soft-deletion docs (#973)
unwrap error within arrays (0a2f9db3)
typo in warning message (#975)
add loose auto complete to string literals where applicable (#966)
add new error codes (#979)
Add missing PostgrestError export to wrapper.mjs (1a3a2dce)
prevent sending expired tokens (#437)
Improve error message on invalid JWT (#438)
export unstable GetResult type (599d5874)
don't remove session for identity linking errors (#987)
Access token callback can return null (#440)
set proper type in options (#441)
Release new version (#442)
return error early for redirects (#992)
add email_address_invalid error code (#994)
revert #992 and #993 (#999, #992, #993)
isBrowser() to include check on window (#982)
add a type for EdgeRuntime.waitUntil (3b1d15c8)
return redirect errors early (#1003, #992)
update docs to add scrypt (#1012)
remove internal-types.ts (#1014)
Correctly validate enum values in eq, neq and in methods (cc8bf091)
Correctly validate relationship enum values in eq, neq and in methods (#589)
also validate enums in views (4a79339b)
jsonpath with embeded tables (8b736ff7)
in filter result infer (ee670462)
in filter (750498b9)
jsonpath accessor and filters (7953a1dd)
jsonpath filter string operator accessor (1403f6e3)
assert type in decodeJWTPayload (#1018, #967, #1017)
remove client side check of jwt token (#451)
Change format of version sent (#455)
set log level on params (#456)
preserve result optionality in override (0fd6525f)
add runtime test coverage (ee9b3928)
set jwks_cached_at (#1039)
generatePKCEChallenge should use btoa (#1044)
Add heartbeat callback; Move to Sets vs Arrays (#460)
Properly handle errors in Upload Api (related to StorageError) (#216)
properly export log level (#464)
resolve regression with uploading files introduced by #216 (#216)
add missing deleted_at property to User interface (#1059)
export processLock from toplevel (#1057, #977)
onHeartbeat; Expo comparability; general improvements (#470)
types (64fd20e1)
properly handle ws browser export (#474, #476)
make the exports section compatible with Deno 1 (#479)
handle null current session with split session storage (#1071, #1023)
handle subscribed called multiple times; remove redundant line (#489)
prevent multiple web workers from starting (#490)
adopt isomorphic websocket implementation (#492)
resolve 'ws' peer dependency (#495)
soft deprecation of headers and simplify ws socket connection (#494)
include response object in FunctionsClient invoke method return (46baa2e6)
bucket type, iceberg_catalog property: (#232)
optionally use storage new hostname (#234)
Set auth on connect and reconnect flows (#497)
consistent bucket type name (#235)
call setAuth on subscribe (#499)
use JSON-based deep clone instead of structuredClone (#1084)
trim duplicate slashes from file paths (17f71536)
us normal storage/v1 prefix with storage zone (0c32e21f)
remove dynamic imports to eliminate webpack warnings (#514)
pass duplex option to the fetcher (#242)
Websocket like type definition compatible with ws (#517)
inline GetGenericDatabaseWithOptions (#637)
correct typo in GoTrueClient initializePromise comment (#1093)
allow override presence enabled (#530)
add hearthbeat callback (#529)
update docs for list endpoint (#167)
use dynamic property access for proces.versions to avoid Edge Runtime warnings (#533)
update typedoc to 0.23 (#641)
update typedoc to 0.23 (#251)
update typedoc to 0.23 (#109)
update typedoc to 0.23 (#1113)
docs for ethereum (#1117)
add missing jest-environment-jsdom dependency (#1111)
prettify types and improved typesafety for MFA methods (#1116)
export storageClientOptions type (#255)
CI: semantic-release (521c7412)
parser: whitespace issue with inner embeding (69e34bbb)
realtime: handle null at convertChangeData (#539)
release: snyk security issues (d572434d)
release: temp disable tests to test release (3824887f)
result: error plain string results unwrapping (557f9ef1)
rpc: allow filters on rpc (1c8ce6b3)
select query parser: support field!hint(nodes) (f2c694c6)
select query parser: support !inner (22a37b3c)
select-query-parser: support !left (47e496de)
typegen: avoid possible infinite recursion error (#630, #627)
types: update throwOnError return type to this (b73019a1)
types: aggregate on a missing column with alias (907fa4a2)
types: handle many-to-many join tables references (af02bce0)
types: types result with schema as any (7b25e717)
types: spread and embeding combination issues (f67b2017)
types: make types retrocompatible to typescript 4.5.5 (#571)
types: add deduplication helpers for retro-compatibility (544175de)
types: inference for default any schema (88af9e2f)
types: type result for throwOnError responses (#590, #563)
types: type instantiation is excessively deep and possibly infinite (01e582ae)
types: returns type casting (956c7c8e)
types: overrideTypes deep merge behavior (4e89ce1f)
types: overrideTypes work on invalid embeded relation (d878d010)
types: overrideTypes merging with maybeSingle (5fdef791)
types: allow merge Record and litteral object (5e1b1150)
types: outdated error message (#608)
types: inner join type on nullable relationships (776b5139)
types: computed field and star selector (#626)

🔥 Performance

♻️ applying early returns concept to reduce complexity and refactoring some methods to improve our performance (f63af3b0)
⚠️ nullsFirst = true by default (8d32e40b)

⚠️ Breaking Changes

Release V2
omit .nullsfirst/.nullslast by default
improved typings
use undefined as bottom value instead of null
nullsFirst = true by default
set Prefer: return=minimal by default everywhere
obselete the following previously-deprecated features:

❤️ Thank You

A. David Thyresson
Ademílson F. Tonato
Alaister Young @alaister
Alex Rich
Alois Klink
Andrew Valleteau @avallete
Ant Wilson @awalias
Anthony Gubler
avallete
awalias
Beng Eu @thebengeu
Benjamin Dobell
Benjamin Tan @bnjmnt4n
Bermi Ferrer
Bhavin
bmartel
Bobbie Soedirgo @soedirgo
bombillazo
Brice Lechatellier @gdaybrice
burggraf
Cemal Kılıç @cemalkilic
Chris
Copple @kiwicopple
Dan Schuman @quicksnap
Daniel Schaefer
David @DavDeDev
Denis Homolik
Div Arora
DmitryScaletta
dshukertjr @dshukertjr
easy-street @easy-street
egor-romanov
Emmanuel Roussel
Evan Schwartz @emschwartz
Fabrizio @fenos
fenos @fenos
Filipe Cabaço @filipecabaco
Fizal Sarif
Guilherme Souza
hammerlscs @hammerlscs
Harrell Zh @hmpthz
Hector Ayala
Inian
Inian Parameshwaran
izqalan
j4w8n
Jack Merrill @jackmerrill
Jacob Gillespie
janglad
Jason Creviston @j4w8n
Jay Baker
Joel Lee @J0
joel@joellee.org
Jonathan Picques
Jonathan Summers-Muir @MildTomato
Joonas
Jordan Lewallen
Juan Cardenas @cardenasj97
Julian Meyer
Justin Noel
Kacper Potyrała
Kamil Ogórek @kamilogorek
Kang Ming @kangmingtay
kangmingtay @kangmingtay
Katerina Skroumpelou @mandarini
Kevin Rocker @kjrocker
Krzysztof Borowy @krizzu
Lakshan Perera
Laurence Isla
Lenny
Luca Casonato
Marcelo Barreto
Marcelo T Prado
Marcus Stade @mstade
Marshall Polaris
Martin Sonnberger
masaharu @masaharu99
Matsu @Matsuuu
Max
Muhammad Ali @Mukhammadali
Muthukumar
Nyannyacha @nyannyacha
Omar Al Matar @Bewinxed
Oswaldo Vázquez
Ozan
Paul Copplestone
Pham Hieu
phamhieu
Philipp Steinrötter
pip
Rafał Nawojczyk @rafalnawojczyk
Ricardo Basto @rbasto1
Robert @robgev
Rodrigo Mansueli Nunes @mansueli
Ross Waycaster
Ryuya
Shankhadeep Dey
Shlomo Morosow
Spencer Jones @sjones6
Stefan Aebischer
Steve Chavez @steve-chavez
steve-chavez @steve-chavez
Stojan Dimitrovski @hf
stupidawesome
Taewoo Kim
TeeWallz
Thor 雷神 Schaeff @thorwebdev
Thorsten Schaeff
thorwebdev
Tomáš Hübelbauer
Trần Đức Trung @niits
travis-humata @travis-humata
tvogel
Tyler @dshukertjr
Vandivier
Vinzent
Wen Bo Xie @w3b6x9
Yash Goyal
zakzackr @zakzackr

@supabase/supabase-js 2.58.1-canary.0 v2.58.1-canary.0 on Node.js NPM

2.58.1-canary.0 (2025-10-01)

🚀 Features

🩹 Fixes

🔥 Performance

⚠️ Breaking Changes

❤️ Thank You

@supabase/supabase-js 2.58.1-canary.0
v2.58.1-canary.0

on Node.js NPM