Dev.to
5/11/2026
New tool audits Supabase, Firebase, Appwrite, PocketBase, Nhost security leaks

Original: I shipped 5 BaaS security auditors in one day — keyless `npx --discover` mode for Supabase, PocketBase, Appwrite, Firebase, and Nhost

Short summary

A developer discovered critical security leaks in 22 out of 100 random Supabase projects and built 5 open-source BaaS security auditors (Supabase, PocketBase, Appwrite, Firebase, Nhost). The tools use a keyless `--discover` mode that parses client code and probes public APIs anonymously, so they require no admin credentials. All are MIT-licensed. The free CLI catches ~70% of leaks; paid audits are available for a comprehensive review.

  • Found 22 critical leaks in random Supabase projects; 14 in own production CRM
  • Built 5 open-source security auditors using keyless --discover pattern
  • Free CLI tools require no admin credentials; paid audits ($99–$249) available

Generated with AI, which can make mistakes.
