GitHub Repository

Open-source Supabase security auditor: detects RLS-disabled tables, public buckets, exposed SECURITY DEFINER functions. Active anonymous probe confirms each leak with the anon key.

19 starsJavaScript

I audited my own back ends on 5 BaaS – leak in every one

Name: I audited my own back ends on 5 BaaS – leak in every one
Availability: InStock
Author: renzom13

by renzom13·May 10, 2026·4 points·2 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemNiche Gem

Active anon-key probing confirms leaks live instead of just inferring them from config.

Strengths

•Active probing with the anon key validates findings rather than relying on static config checks.
•Generates copy-paste SQL fixes for every detected vulnerability to speed up remediation.
•Runs entirely locally ensuring your access token and audit data never leave your machine.

Weaknesses

•Limited to Supabase ecosystem while similar risks exist in Firebase, Appwrite, and PocketBase.
•Requires a personal access token which adds friction compared to read-only public scans.

Similar Projects

Developer Tools●●Solid

Dbmachine – the back end and front end are Claude, just the plumbing&DB

Database constraints enforce safety — agent cannot corrupt data even when wrong.

Big BrainZero to One

hank2000

218d ago

Security●●●Banger

Sentinel Den – Zero-back end, on-device iOS security SDKs

Pure Swift iOS security SDKs with <2ms overhead beat commercial alternatives for regulated apps.

WizardryNiche GemSolve My Problem

iamuhammadkhan

104d ago

Security●●●Banger

LM Gate – Auth and access-control gateway for self-hosted LLM back ends

Single component replaces nginx + auth + monitoring for exposed Ollama instances.

Solve My ProblemBig Brain

hkdb

302mo ago

Data●●Solid

A skill to audit your dbt project for what an AI agent will get wrong

Catches AI-breaking dbt issues like conflicting revenue metrics and YAML/SQL mismatches.

Niche GemSolve My Problem

matthieu_bl

305d ago

Developer Tools●●Solid

Production-Ready NestJS Back End (Multi-Tenancy, Event-Driven)

Concrete, hands-on demos — row-level multi-tenancy implemented with Prisma, async jobs via BullMQ/Redis, and tracing through OpenTelemetry/Jaeger — make this a useful reference for people building SaaS backends. It’s not reinventing the stack, but the repo bundles several production patterns and infra pieces together in a way that’s easy to explore; would be stronger with architecture diagrams, runnable quickstart scripts and example data.

Niche GemShip It

PkLavc

104mo ago

Developer Tools●Mid

FlowLessAI – NPM I -g vibe-auditor – AI audits your codebase

AI code auditor, but Cursor, Continue, and Copilot already do this inline.

Solve My Problem

mozinovati

103mo ago