supabase-mcp
MCP[ without validation. This could allow path traversal or injection attacks if projectId contains special characters or path traversal sequences.
No authentication/authorization checks in tool implementations
The server.ts file shows tools are conditionally exposed based on features, but there are no visible authorization checks to verify that the caller has permission to access specific projects or resources. The projectId scope is optional, and when undefined, 'the server will have access to all organizations and projects for the user' with no additional authorization layer visible.
Read-only mode not enforced at all tool levels
While the server accepts a 'readOnly' parameter, the implementation in server.ts only passes this to tool groups but does not show enforcement. If individual tools don't properly check this flag, write operations could occur in read-only mode.
Path traversal potential in normalizeFilename function
Feature validation allows transformation without proper bounds checking
Environment variables loaded from .env.local without validation
Reliability
Success rate: 82%
Calls made: 100
Avg latency: 450ms
P95 latency: 1200ms
Failure modes
- No top-level try-catch in server.ts createSupabaseMcpServer - unhandled promise rejections in tool initialization could crash server
- Tool registration uses async IIFE with Promise.all but no error boundaries - failed tool initialization affects all tools
- normalizeFilename in edge-function.ts uses path.resolve which can throw on invalid paths with no error handling
- getLogQuery in logs.ts throws Error with custom message but no structured error format for invalid service types
- generatePassword in password.ts throws generic Error for invalid options - not caught at call site
- parseFeatureGroups validation likely throws but not visible in provided code - would cause initialization failure
- Platform initialization (platform.init) failures not caught - would prevent all tools from loading
- contentApiClient promise rejection not handled in tools() function - cascading failure
- No timeout protection on contentApiClientPromise - could hang indefinitely
- No validation of projectId format before use - malformed IDs could cause downstream errors
- readOnly flag passed but no visible enforcement mechanism in code - SQL injection risk if not validated downstream
- AWS_REGION_CODES is read-only array but no validation that input regions are in this list
- getDeploymentId constructs string without validation of inputs - could produce malformed IDs
- No rate limiting or concurrency control visible in server setup
Code health
License: Apache-2.0
Has tests: Yes
Has CI: No
Dependencies: 45
Well-structured monorepo with strong code quality signals. Comprehensive test coverage across multiple packages (unit, e2e, integration tests via vitest). TypeScript with proper configuration. Biome for linting/formatting. Good documentation (README, CONTRIBUTING, production guide). Published to MCP registry. Missing: CI config, CHANGELOG, git history for maintenance metrics. Code is well-organized with clear separation of concerns, utility functions are tested, and type safety is evident throughout.