Supabase vs Merge
Side-by-side trajectory, velocity, and editorial themes.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
Merge raises the floor on integration fidelity — object URLs and per-tenant identity, week after week.
Merge ships a weekly changelog rhythm across Accounting, ATS, CRM, File Storage, and Chat. Recent weeks emphasize two motifs: making cross-system object URLs first-class in unified responses (Xero, NetSuite, Oracle Fusion) and exposing per-tenant identification on linked accounts so B2B SaaS customers can disambiguate multi-org installs (HubSpot, Dynamics, Zoho, Pipedrive). The cadence is dense and field-level, weighted toward mapping enhancements, webhook fidelity, and edge-case fixes per integration.
Two clear pulls. First, raising the floor on data fidelity — every endpoint should surface an object URL, every linked account should expose tenant identity. Second, expanding Accounting Unified API coverage in both directions, with Oracle Fusion Cloud ERP joining in beta alongside continued NetSuite and QuickBooks polish. Merge is treating the unified API less as a thin translation layer and more as a normalization product where the parity bar keeps moving up.
Expect Oracle Fusion Cloud ERP to graduate from beta with broader endpoint coverage, more tenant-identification rollouts to less-mature CRM connectors, and continued webhook-parity work for write operations across Accounting providers.
See more alternatives to Supabase →
See more alternatives to Merge →