Supabase vs GitHub
Side-by-side trajectory, velocity, and editorial themes.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
GitHub is collapsing Copilot from chat into autonomous task execution across the platform.
Copilot has graduated from a code-completion sidebar into a multi-model agent woven through GitHub's surface area — code review, Actions, issues, security. Recent releases shift model selection from user choice toward automated routing, add semantic understanding of the issues corpus, and extend the cloud agent's reach to fix failing CI jobs and apply review feedback in one click. The model lineup keeps widening (Gemini 3.5 Flash GA), but the bigger move is hiding that complexity behind verbs like 'Fix with Copilot'.
GitHub is moving the user one rung up the abstraction ladder: instead of picking models, prompts, or scopes, you delegate jobs and Copilot orchestrates underneath. Multi-vendor model support signals comfort with using the best provider per task rather than betting on one model house, while a deliberate verb consolidation ('Fix with Copilot') unifies what used to be feature-specific buttons. Auxiliary work — telemetry URL stabilization, OIDC expansion, GHAS trial flows — keeps the platform plumbing in step with that agentic push.
Expect Copilot to claim more of the actual git workflow next: autonomous PR drafting from issue context, agent-led triage built on the new semantic issues index, and broader cloud-agent coverage of the Actions and security surfaces where one-click fixes already exist. Model-choice UI is likely to keep shrinking as the auto-router takes over.
See more alternatives to Supabase →
See more alternatives to GitHub →