I posted here a while back about Ship Safe, an open-source tool I built to catch things like leaked service_role keys or missing RLS policies when shipping fast. Some of the feedback was that a simple scanner wasn't enough, so I spent the last week building a way for the CLI to actually help you fix the issues it finds.
What is new:
- fix command: moves hardcoded secrets into a .env file and replaces the code with process.env.VAR_NAME.
- .env.example generation: it generates your .env.example on the fly so your team stays in sync without you doing it manually.

I am trying to bridge the gap between "vibe coding" speed and senior-level security. It is still 100% local, MIT licensed, and runs via npx.
npx ship-safe
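One way the fix step described above can work, as an added example that is not Ship Safe's own code. It runs a "find and fix" pass over a JavaScript source string: it locates quoted literals that look like Supabase API keys, decodes the JWT payload to tell a service_role key from an anon key, rewrites the literal to process.env.NAME, and produces the matching .env and .env.example text. The variable names (SUPABASE_SERVICE_ROLE_KEY, SUPABASE_ANON_KEY), the severity labels and the sample source are assumptions made for this example; the keys it scans are constructed, unsigned stand-ins, not real credentials.

```javascript
// Added example, not Ship Safe's code. Supabase API keys are JWTs whose
// payload carries a "role" claim of "anon" or "service_role"; reading that
// claim is what separates a public anon key from a leaked service_role key.

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Constructed stand-in for a Supabase key: real keys are signed by Supabase,
// this one carries a fake signature segment. Only the payload matters here.
function makeFakeSupabaseJwt(role) {
  const header = base64UrlEncode({ alg: 'HS256', typ: 'JWT' });
  const payload = base64UrlEncode({ iss: 'supabase', ref: 'demo', role, iat: 1700000000, exp: 2000000000 });
  return `${header}.${payload}.fakesignature`;
}

// Role claim of a JWT-looking string, or null when it is not a decodable JWT.
function jwtRole(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    return typeof payload.role === 'string' ? payload.role : null;
  } catch {
    return null;
  }
}

// A quoted literal of three base64url segments; "eyJ" is how a JSON object
// header begins once base64-encoded.
const JWT_LITERAL = /(['"`])(eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)\1/g;

// Assumed variable names for the two roles Supabase issues by default.
const VAR_NAME_BY_ROLE = {
  service_role: 'SUPABASE_SERVICE_ROLE_KEY',
  anon: 'SUPABASE_ANON_KEY',
};

function remediate(source) {
  const findings = [];
  const env = new Map();  // variable name -> secret value
  const seen = new Map(); // token -> variable name, so a repeated key gets one variable

  const fixedSource = source.replace(JWT_LITERAL, (match, _quote, token) => {
    const role = jwtRole(token);
    if (!role) return match; // not a JWT we understand: leave the code alone
    let name = seen.get(token);
    if (!name) {
      const base = VAR_NAME_BY_ROLE[role]
        || `SUPABASE_${role.toUpperCase().replace(/[^A-Z0-9]/g, '_')}_KEY`;
      name = base;
      for (let i = 2; env.has(name); i++) name = `${base}_${i}`;
      env.set(name, token);
      seen.set(token, name);
      findings.push({
        variable: name,
        role,
        // A service_role key bypasses Row Level Security, so it must never
        // ship in client code; an anon key is public by design but still
        // belongs in .env so environments can differ.
        severity: role === 'service_role' ? 'critical' : 'low',
      });
    }
    return `process.env.${name}`;
  });

  const envFile = [...env].map(([k, v]) => `${k}=${v}`).join('\n') + '\n';
  const envExample = [...env.keys()].map((k) => `${k}=`).join('\n') + '\n';
  return { fixedSource, envFile, envExample, findings };
}

// Constructed sample: a client file that embeds both keys.
const SERVICE_KEY = makeFakeSupabaseJwt('service_role');
const ANON_KEY = makeFakeSupabaseJwt('anon');
const SAMPLE_SOURCE = `
import { createClient } from '@supabase/supabase-js';
export const supabase = createClient('https://demo.supabase.co', '${ANON_KEY}');
export const admin = createClient('https://demo.supabase.co', "${SERVICE_KEY}");
`;

function demo() {
  const result = remediate(SAMPLE_SOURCE);
  console.log(result.fixedSource);
  console.log('--- .env ---\n' + result.envFile);
  console.log('--- .env.example ---\n' + result.envExample);
  console.log(result.findings);
  return result;
}

demo();
```

Everything here is string manipulation on a local file, which is what a "100% local" tool needs and nothing more; running any such scanner with outbound network blocked is a cheap way to confirm that the fix pass does not send the secrets it just found anywhere. The role check matters for triage: a service_role literal in browser-shipped code is a deploy blocker, whereas an anon key is meant to be public and RLS is what actually protects the data behind it.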
DiscussionHealthy802 introduced an update to their open-source tool, Ship Safe, which now includes auto-remediation for security issues like leaked Supabase keys. The tool can automatically move hardcoded secrets to a .env file and improve team synchronization by generating .env.example files. It also includes deeper checks for Supabase-specific security concerns.
Good, but is it safe, and will it not steal credentials?