Supabase Cheat Sheet
Quick reference for Supabase: authentication, database queries, realtime subscriptions, file storage, and edge functions. Build full-stack apps with this open-source Firebase alternative.
Setup
| npm install @supabase/supabase-js | Install the Supabase JavaScript client |
| import { createClient } from "@supabase/supabase-js" | Import the Supabase client constructor |
| const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY) | Initialize the Supabase client |
| npx supabase init | Initialize a local Supabase project |
| npx supabase start | Start the local Supabase development stack (Docker) |
| npx supabase db push | Push local schema changes to the remote database |
| npx supabase gen types typescript --local | Generate TypeScript types from your database schema |
| npx supabase link --project-ref <ref> | Link your local project to a remote Supabase project |
Auth
| await supabase.auth.signUp({ email, password }) | Register a new user with email and password |
| await supabase.auth.signInWithPassword({ email, password }) | Sign in an existing user with email and password |
| await supabase.auth.signInWithOAuth({ provider: "github" }) | Sign in with a third-party OAuth provider |
| await supabase.auth.signOut() | Sign out the current user |
| const { data: { user } } = await supabase.auth.getUser() | Get the currently authenticated user |
| const { data: { session } } = await supabase.auth.getSession() | Get the current session with tokens |
| supabase.auth.onAuthStateChange((event, session) => { /* ... */ }) | Listen for auth state changes (sign in, sign out, etc.) |
| await supabase.auth.resetPasswordForEmail(email) | Send a password reset email to a user |
Database Queries
| const { data } = await supabase.from("users").select("*") | Select all rows from a table |
| await supabase.from("users").select("id, name, posts(title)") | Select specific columns with a relation join |
| await supabase.from("users").select("*").eq("id", 1) | Filter rows where a column equals a value |
| await supabase.from("users").select("*").ilike("name", "%alice%") | Case-insensitive pattern matching filter |
| await supabase.from("users").insert({ name: "Alice", email: "[email protected]" }) | Insert a new row into a table |
| await supabase.from("users").update({ name: "Bob" }).eq("id", 1) | Update a row matching a condition |
| await supabase.from("users").delete().eq("id", 1) | Delete a row matching a condition |
| await supabase.from("users").select("*").order("created_at", { ascending: false }).limit(10) | Order by column descending and limit results |
| await supabase.rpc("my_function", { param1: "value" }) | Call a PostgreSQL function via RPC |
Realtime
| supabase.channel("room1").on("broadcast", { event: "msg" }, (payload) => { }).subscribe() | Subscribe to broadcast messages on a channel |
| supabase.channel("room1").send({ type: "broadcast", event: "msg", payload: { text: "hi" } }) | Send a broadcast message to a channel |
| supabase.channel("db").on("postgres_changes", { event: "INSERT", schema: "public", table: "posts" }, callback).subscribe() | Listen for new row inserts in a table |
| supabase.channel("db").on("postgres_changes", { event: "*", schema: "public", table: "posts" }, callback).subscribe() | Listen for all changes (INSERT, UPDATE, DELETE) on a table |
| supabase.channel("presence").on("presence", { event: "sync" }, () => { }).subscribe() | Track online presence for users in a channel |
| channel.track({ user_id: "abc", online_at: new Date() }) | Announce user presence in a channel |
| supabase.removeChannel(channel) | Unsubscribe and remove a realtime channel |
Storage
| await supabase.storage.createBucket("avatars", { public: true }) | Create a public storage bucket |
| await supabase.storage.from("avatars").upload("avatar.png", file) | Upload a file to a storage bucket |
| await supabase.storage.from("avatars").download("avatar.png") | Download a file from storage |
| const { data } = supabase.storage.from("avatars").getPublicUrl("avatar.png") | Get the public URL for a file |
| await supabase.storage.from("avatars").remove(["avatar.png"]) | Delete one or more files from storage |
| await supabase.storage.from("avatars").list("folder/") | List files in a storage folder |
| await supabase.storage.from("avatars").createSignedUrl("private.pdf", 3600) | Generate a signed URL valid for 1 hour |
| await supabase.storage.from("avatars").update("avatar.png", newFile) | Replace an existing file in storage |
Edge Functions
| npx supabase functions new my-function | Create a new edge function scaffold |
| npx supabase functions serve | Run edge functions locally for development |
| npx supabase functions deploy my-function | Deploy an edge function to Supabase |
| Deno.serve(async (req) => { return new Response("OK"); }) | Basic edge function handler (Deno runtime) |
| const { data } = await supabase.functions.invoke("my-function", { body: { key: "value" } }) | Invoke an edge function from the client |
| const supabase = createClient(Deno.env.get("SUPABASE_URL")!, Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!) | Create an admin Supabase client inside an edge function |
| npx supabase functions deploy --no-verify-jwt my-function | Deploy a function without JWT verification (public) |
| npx supabase functions list | List all deployed edge functions |
Try It Live
Test these patterns with our free SQL Formatter. No signup needed.
Open SQL Formatter →
Step-by-Step Guide
Read Guide →