DevelopmentPlaybook9 min readPublished July 13, 2026

TS 4.7–4.9 dropped · 5.0 minimum · ships as a minor, January 2027 or later

supabase-js Raises Its TypeScript floor: Migration Prep

On July 10, 2026, Supabase posted a deprecation notice: supabase-js and its five bundled packages will require TypeScript 5.0 or newer, dropping 4.7 through 4.9 in a minor release planned for January 2027 or later. Most teams are already compliant. This checklist is for finding out whether yours is.

DA
Digital Applied Team
Senior strategists · Published Jul 13, 2026
PublishedJul 13, 2026
Read time9 min
SourcesSupabase changelog · TS release notes
TS versions dropped
3
4.7 · 4.8 · 4.9
New minimum
5.0+
const type params gate
Effective window
2027
January or later · minor release
Packages affected
6
supabase-js + 5 bundled SDKs

Supabase will require TypeScript 5.0 as the minimum version across supabase-js and its bundled packages, dropping support for TypeScript 4.7, 4.8, and 4.9. The deprecation notice went up on July 10, 2026 as Supabase Changelog #47812, with a matching GitHub Discussion from a Supabase maintainer, and the change is planned to ship in a minor release on or after January 2027.

The announcement is easy to misread in both directions. It is not an emergency — nothing changes for existing installs today, and the vast majority of actively maintained repos are already on TypeScript 5.x or newer. But it is also not a non-event, because the bump is planned as a minor release: semver will not warn the repos that are affected, and the repos that are affected tend to be exactly the ones nobody is watching.

This guide covers what Supabase announced and why, the exact timeline as the changelog states it, which TypeScript features actually motivate the floor — including one detail Supabase’s own rationale gets slightly wrong — and a six-step audit sequence to find out whether any repo you own has work to do before January 2027. If you are building on this stack for the first time, our complete Supabase + Next.js integration guide is the companion piece.

Key takeaways
  1. 01
    TypeScript 5.0 becomes the minimum across six packages.Supabase’s July 10, 2026 deprecation notice drops TypeScript 4.7, 4.8, and 4.9 for @supabase/supabase-js and the bundled postgrest-js, auth-js, realtime-js, storage-js, and functions-js.
  2. 02
    It ships as a minor release, January 2027 or later.Supabase frames the bump as not a breaking change, following the same support-policy logic it applies to dropping EOL Node.js versions. Semver ranges like ^2 will pick it up automatically — no major-version warning.
  3. 03
    The genuine gate is const type parameters, not satisfies.Supabase’s rationale groups satisfies with the 5.0 line, but satisfies shipped in TypeScript 4.9 — one of the versions being dropped. const type parameters (5.0) are the feature that truly requires the new floor; NoInfer needs 5.4 and is a later step.
  4. 04
    Most teams are already compliant — by a wide margin.TypeScript 6.0 shipped in March 2026 and the Go-native TypeScript 7.0 reached GA on July 8, 2026 — two days before this notice. A 5.0 floor is conservative catch-up, not a bleeding-edge demand.
  5. 05
    The risk lives in pinned and frozen repos — audit now.A six-step check (compiler version, package.json pins, CI matrix, transitive constraints, a controlled bump, generated-types re-verify) takes an afternoon and removes the January 2027 surprise entirely.

01The AnnouncementWhat Supabase announced on July 10.

The notice arrived through two channels on the same day: a changelog entry titled “Deprecation notice: @supabase/supabase-js will require TypeScript 5.0” (Supabase Changelog #47812) and a community-facing GitHub Discussion posted by a Supabase maintainer. The substance is identical in both. supabase-js’s currently published type declarations target a TypeScript 4.7 floor — a version released in May 2022 that Supabase’s own framing describes as approximately four years outdated. The new minimum will be TypeScript 5.0 or newer.

The scope is broader than the headline package. Because supabase-js bundles its sub-SDKs, the floor moves across six packages at once: @supabase/supabase-js itself plus postgrest-js, auth-js, realtime-js, storage-js, and functions-js. Any project that consumes one of those directly — not just through the umbrella client — inherits the same requirement on the same schedule.

New floor
TypeScript minimum
5.0+

Announced July 10, 2026 via Supabase Changelog #47812 and a maintainer-posted GitHub Discussion. Current published declarations still target a 4.7 floor until the cutover minor ships.

was 4.7 since May 2022
Versions dropped
TS 4.7 · 4.8 · 4.9
3

The three-version 4.x tail leaves support together. Notably, 4.9 already includes the satisfies operator — one of the features Supabase’s rationale associates with the bump.

the 4.x tail
Packages affected
supabase-js + 5 bundled SDKs
6

postgrest-js, auth-js, realtime-js, storage-js, and functions-js move with the umbrella client. Direct consumers of any sub-package inherit the same floor.

one shared floor

Equally important is what does not change yet. During this advance-notice phase, Supabase says its SDKs continue emitting TypeScript 4.7-compatible type declarations — existing installs behave exactly as they did before the announcement. And when the cutover minor eventually ships, Supabase has committed to calling out the last 4.7-supporting version explicitly in that release’s notes and in the package README, so teams that need to pin have a traceable anchor.

02The TimelineA minor release, January 2027 or later.

The changelog states the timeline as a minor release shipping “January 2027 or later” — a vendor-announced window, not a fixed date. That phrasing is worth taking literally in both directions: the change will not land before January 2027, and Supabase has not committed to landing it in January 2027 either. Plan against the earliest edge of the window and you cannot be surprised.

The more consequential detail is the release type. Supabase classifies the floor bump as “not considered a breaking change” under its existing support-policy logic — the same reasoning it applies when dropping end-of-life Node.js versions in minor releases once they leave Active LTS or Maintenance. The TypeScript floor follows that precedent: a development-toolchain requirement, not a runtime API change, and therefore eligible to move in a minor.

Why the minor matters
A semver-minor bump means caret ranges like ^2.x will absorb the new floor automatically on the next install or lockfile refresh after the cutover release ships. No major-version signal, no peer-dependency warning at install time. If a repo is still compiling with TypeScript 4.7–4.9 when that happens, the failure shows up as type errors on a routine dependency update — which is precisely the scenario an audit this quarter prevents.

This is the honest trade-off of modern SDK support policies. Treating toolchain floors as non-breaking keeps major versions meaningful for actual API changes, and vendors across the ecosystem increasingly follow the same pattern. But it shifts the monitoring burden onto consumers: the signal arrives as a changelog post six months ahead, not as a semver fence at install time. Teams that read changelogs — or automate reading them — get a smooth migration. Teams that rely on semver alone get a surprise.

03The RationaleWhy the floor moves — and what it actually unlocks.

Supabase gives three reasons for the bump. First, the age of the baseline: type declarations targeting a May 2022 compiler are approximately four years behind by the announcement date. Second, the old floor blocks the SDK from adopting modern type-system features — the changelog names const type parameters, the satisfies operator, and (later) NoInfer. Third, the 4.7 floor constrains transitive dependencies to older releases, with zod named specifically — though no target zod version is stated in the announcement, so we will not invent one here.

The feature list deserves a closer look than the changelog gives it, because the three features sit at three different TypeScript versions — and only one of them actually requires the new floor.

The genuine gate
const type parameters
Introduced in TypeScript 5.0 · March 16, 2023

Lets a generic type parameter default to const-like literal inference without demanding an immutable constraint from callers. This is the one named feature that genuinely requires 5.0 — the real reason the floor lands where it does.

Requires the new floor
Already on 4.9
satisfies operator
Introduced in TypeScript 4.9 · November 15, 2022

Supabase’s rationale groups satisfies with the 5.0 line, but it shipped one version earlier — in 4.9, one of the very versions being dropped. TypeScript 5.0 only added JSDoc @satisfies for plain-JavaScript users.

Predates the 5.0 floor
A later step
NoInfer utility type
Introduced in TypeScript 5.4 · March 2024

Not unlocked by the 5.0 floor at all — NoInfer needs 5.4 or newer, a version Supabase has not committed to as a minimum. Supabase’s own wording hedges it as a later adoption; read the 5.0 bump as a stepping stone toward it.

Needs a future 5.4+ floor
The precision that matters
If your repo is pinned to TypeScript 4.9, you already have the satisfies operator — losing SDK support is not what takes it away from you, and gaining 5.0 is not what grants it. The accurate mental model: const type parameters are the 5.0-exclusive unlock, satisfies predates the floor, and NoInfer waits on a hypothetical future 5.4+ bump. Being more precise than the vendor’s shorthand here is exactly what stops a migration plan from chasing the wrong feature.

04The Version MapWhere your repo sits on the TypeScript floor.

The table below cross-references each relevant TypeScript version against its release date, the feature milestone it carries, its age on the day Supabase posted the notice, and the action it implies. The point of the exercise: the announced minimum was already more than three years old on announcement day, and the compiler ecosystem has moved a full compiler generation past it.

TypeScript version map against the announced supabase-js floor: each version’s release date, feature milestone, age on July 10, 2026 (the announcement date), and the action it implies. Synthesis by Digital Applied from Microsoft’s TypeScript 4.9, 5.0, 5.4, and 6.0 release materials and Supabase Changelog #47812, July 2026.
VersionReleasedFeature milestoneAge on Jul 10, 2026Action before the cutover
Dropped under the announced floor
TS 4.7May 2022Current floor of supabase-js’s published type declarations~4 yrs 2 moUpgrade to 5.0+ before the cutover minor ships
TS 4.8Between 4.7 and 4.9Upgrade to 5.0+ before the cutover minor ships
TS 4.9Nov 15, 2022satisfies operator introduced (not 5.0)~3 yrs 8 moUpgrade to 5.0+ — you already have satisfies
The announced minimum
TS 5.0Mar 16, 2023const type parameters introduced — the genuine gate~3 yrs 4 moCompliant — no action required
Above the floor
TS 5.4Mar 2024NoInfer utility type introduced~2 yrs 4 moCompliant — future-proofs a later NoInfer-era bump
TS 6.0Mar 23, 2026Final JavaScript-hosted compiler release~3.5 moCompliant — well ahead of the floor
TS 7.0Jul 8, 2026Go-native compiler reaches general availability2 daysCompliant — the floor is far behind you

Read bottom-up and the framing inverts. The question in July 2026 is not “can my team reach TypeScript 5.0” — for most, that happened years ago. It is “does any repo I am responsible for still sit in the dropped band without anyone noticing.” That is a discovery problem, not an engineering problem, which is why the next section is a checklist rather than a tutorial.

05The ChecklistThe six-step audit sequence.

Run this once per repository that touches supabase-js or any of its bundled packages — including internal tools and one-off integrations. Agent-style builds are the classic blind spot: a sync service like the one in our Zoho-to-Supabase sync agent tutorial runs unattended for months, which is exactly the profile of a repo whose toolchain quietly ages past a floor.

Migration-readiness audit sequence for the supabase-js TypeScript 5.0 floor: six ordered steps with the command or action to run, what each step checks for, and why it matters before the January 2027 or later cutover. Runbook by Digital Applied, July 2026.
StepCommand / actionWhat you are checking forWhy before the cutover
1. Confirm the compiler you actually runnpx tsc --version (per workspace in a monorepo)The TypeScript version your builds really use — not the one you assumeAnything reporting 4.7–4.9 is in the dropped range and needs a plan
2. Find declared version pinsSearch package.json files for a typescript entry in devDependencies and peerDependenciesTilde or exact pins such as ~4.9.5 that silently hold a repo on a dropped versionA pin outlives the engineer who added it — this is where frozen repos hide
3. Check your CI matrixReview CI config for jobs that test against pinned or older TypeScript versionsMatrix legs still exercising 4.x compilersA 4.x leg will fail against post-cutover declarations and wastes CI budget until removed
4. Map transitive constraintsnpm ls typescript or pnpm why typescriptOlder or duplicated TypeScript copies pulled in by tooling and shared configsSupabase says the old floor constrains transitive dependencies such as zod — your tree may mirror that
5. Bump in a controlled PRRaise the floor to TypeScript 5.0 or newer in one dedicated change, then run a full typecheckCompile errors surfaced by the new compiler, in isolationBetter to absorb the diff on your schedule than during a dependency emergency in 2027
6. Re-verify generated types and consumersRegenerate Supabase database types and typecheck every package that imports themThat generated types and downstream packages still compile on the new floorGenerated definitions and internal libraries are the usual last mile of a floor bump

Steps one through four are read-only and parallelizable — an afternoon across a typical portfolio, and a natural job for a coding agent sweeping every repo in an org. Steps five and six are the actual change, and the reason to do them now rather than in January 2027 is control: a compiler bump merged in a quiet week is reviewable; the same bump forced by a broken dependency update is a fire drill.

06TriageWho actually has work to do.

The audit sorts every repo into one of four situations. Three of them resolve in under an hour; one deserves a real plan.

Already on 5.0+
Most actively maintained repos

No action required. Supabase states that teams already on TypeScript 5.0 or newer face no change. Record the audit result and move on — the floor bump is a non-event for you.

Do nothing
Pinned to 4.7–4.9
Repos with a deliberate pin

Schedule the controlled bump (steps 5–6) this quarter. The pin usually guards against an old incompatibility that no longer exists — verify, bump to 5.0+, and remove the pin’s reason from the record.

Bump this quarter
Frozen legacy repos
Cannot move off 4.x yet

The hard case: another dependency genuinely blocks TypeScript 5.0. Pin supabase-js to the last 4.7-supporting release — Supabase commits to naming it in the release notes and README — and treat that pin as technical debt with an owner and a date.

Pin + plan the exit
Library authors
Packages that wrap supabase-js

Check your own declared TypeScript expectations and peer ranges. If your package supports 4.x consumers while depending on supabase-js, the floor bump propagates through you — decide whether to mirror it before your users discover it for you.

Mirror the floor

One caution for the pin-and-defer path: a pinned SDK version stops receiving fixes and new API surface the moment the cutover minor ships. Pinning is a bridge, not a destination — the longer a frozen repo stays on the bridge, the more expensive the eventual crossing. If a legacy codebase is blocking the compiler upgrade, that is usually the signal it needs broader modernization work, the kind our web development team scopes as a dependency-floor audit before it becomes an emergency.

07Ecosystem ContextA 5.0 floor in a TypeScript 7.0 world.

The timing gives this announcement its real meaning. TypeScript 6.0 — the final JavaScript-hosted compiler release — shipped on March 23, 2026. TypeScript 7.0, the Go-native compiler rewrite, reached general availability on July 8, 2026: two days before Supabase posted this notice. By the time the floor takes effect in 2027, the announced minimum will be roughly four years old and a full compiler generation behind the current compiler. For the full picture of where the compiler itself is heading, see our TypeScript 7.0 GA migration playbook; for the last stretch of the 5.x line, our TypeScript 5.9 developer guide covers the features between the new floor and the 6.x/7.x era.

That context cuts both ways. On one side, it makes the bump about as low-risk as an ecosystem-wide floor change can be — supabase-js is one of the most widely used Supabase and Postgres client SDKs on npm, and moving its minimum to a three-year-old compiler version asks almost nothing of the median team. On the other side, it shows how conservative SDK floors have to be: even with TypeScript 7.0 GA, Supabase is only asking for 5.0, because the long tail of pinned enterprise repos is real and vendors know it.

Looking forward, the reasonable expectation is that this is the first bump of several, not the last. Supabase’s own rationale frames NoInfer — a TypeScript 5.4 feature — as a later adoption, which implies a future floor at 5.4 or higher once the 5.0 move proves uneventful. And the broader pattern of toolchain floors moving through minor releases under published support policies is spreading across the SDK ecosystem. The durable lesson for engineering teams: treat compiler and runtime floors as dependencies you audit on a schedule, not as constants — because the vendors stopped treating them as constants years ago.

08ConclusionA quiet change with a long fuse.

The bottom line, July 2026

Semver will not warn you — the changelog just did.

Supabase’s TypeScript 5.0 floor is the gentlest kind of breaking change: announced roughly six months ahead, scoped to a three-year-old compiler version, shipping in a minor under a published support-policy precedent, with the last compatible release explicitly documented for teams that need to pin. Nothing changes today, and for teams on TypeScript 5.0 or newer, nothing changes in 2027 either.

The work is discovery, not migration. Run the six-step audit across every repo that touches supabase-js or its bundled packages, sort each into the four triage buckets, and schedule the controlled bump for anything still in the 4.7–4.9 band. Precision helps here too: the feature that actually requires 5.0 is const type parameters — satisfies has been yours since 4.9, and NoInfer waits on a floor Supabase has not announced.

The wider signal is the one worth internalizing. Toolchain floors now move through minor releases, announced in changelogs rather than enforced by semver. Teams that audit their floors on a schedule turn announcements like this one into a non-event; teams that rely on version ranges to protect them will keep meeting these changes as surprises. January 2027 is far away — which is exactly why this is the cheap moment to check.

Keep your stack ahead of the floor

Toolchain floors move in minors now — audits are how teams stay ahead of them.

Our team runs dependency-floor audits, framework migrations, and modernization roadmaps for production web stacks — Supabase, Next.js, and TypeScript included — delivered in days, not quarters.

Free consultationExpert guidanceTailored solutions
What we work on

Stack-modernization engagements

  • Dependency-floor audits across multi-repo portfolios
  • TypeScript and framework version migrations
  • Supabase + Next.js production architecture
  • CI pipelines that catch floor changes automatically
  • Legacy-repo modernization roadmaps with owners and dates
FAQ · supabase-js TypeScript floor

The questions we get every week.

On July 10, 2026, Supabase published a deprecation notice — Changelog #47812, mirrored as a maintainer-posted GitHub Discussion — stating that @supabase/supabase-js will require TypeScript 5.0 or newer. Support for TypeScript 4.7, 4.8, and 4.9 will be dropped. The change covers supabase-js and its five bundled packages: postgrest-js, auth-js, realtime-js, storage-js, and functions-js. The SDK’s currently published type declarations target a TypeScript 4.7 floor, which dates to May 2022 and which Supabase’s own framing describes as approximately four years outdated. Nothing changes for existing installs during the advance-notice phase — the SDKs continue emitting 4.7-compatible declarations until the cutover release ships.