npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@supabase/ssr

v0.10.3

Published

Use the Supabase JavaScript library in popular server-side rendering (SSR) frameworks.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

etienne_supaetienne_supakiwicopplekiwicoppleange1icoange1icoawaliasawaliasgregnrgregnrphamhieu1998phamhieu1998inianinianstdimstdimziinc_supabaseziinc_supabasemandarinimandarinichase.cresgychase.cresgydswbxdswbxceeteelamceeteelamkevin-supabasekevin-supabasemattrossmanmattrossman

Keywords

SupabaseSSRServer-SideRenderingNextNext.jsNextJSRemixSvelteSvelteKitPostgres

Readme

Supabase clients for use in SSR frameworks

Package Consolidation Notice: This package replaces the deprecated @supabase/auth-helpers-* packages. All framework-specific auth-helpers packages have been consolidated into @supabase/ssr for better maintenance and consistency.

Overview

This package provides a framework-agnostic way to use the Supabase JavaScript library in server-side rendering (SSR) frameworks.

Installation

npm i @supabase/ssr

Deprecated Packages

The following packages have been deprecated and consolidated into @supabase/ssr:

  • @supabase/auth-helpers-nextjs → Use @supabase/ssr
  • @supabase/auth-helpers-react → Use @supabase/ssr
  • @supabase/auth-helpers-remix → Use @supabase/ssr
  • @supabase/auth-helpers-sveltekit → Use @supabase/ssr

If you're currently using any of these packages, please update your dependencies to use @supabase/ssr directly.

Documentation

Please refer to the official server-side rendering guides for the latest best practices on using this package in your SSR framework of choice.

Known patterns and limitations

getSession() vs getUser() vs getClaims()

getSession() returns the session directly from cookies — no network call is made. The user object it contains is not verified by the Auth server and must not be used for authorization decisions; a malicious client could craft a cookie with a spoofed user ID. Do not use getSession() for authorization decisions.

getClaims() validates the access token either locally (using the project's JWKS endpoint for asymmetric keys) or by calling the Auth server, and returns the verified JWT claims. Use it when you need to gate access to resources but don't need a fresh user record from the database.

getUser() contacts the Supabase Auth server on every call and returns the most up-to-date user record, including any changes made since the token was issued. Use it when you need fresh user data (e.g. checking current roles, email, or whether the session is still active server-side).

Concurrent requests with the same expired session

Supabase refresh tokens are single-use. If two requests arrive simultaneously with the same expired session cookie (e.g. from two browser tabs opening at the same time), both will attempt a token refresh. The second request's refresh will fail because the token was already consumed by the first. The second request will receive session: null until the browser syncs the updated cookie from the first response.

The middleware pattern mitigates this for the common case: middleware runs once per navigation and refreshes the session before the page renders, so subsequent requests within the same navigation see a valid token. For parallel requests (e.g. parallel fetch() calls from the client), handle null sessions gracefully and retry or re-authenticate as needed.