@supabase/pg-delta 1.0.0-alpha.12 → 1.0.0-alpha.14

package/dist/core/connection-url.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Connection URL normalization for pg-delta.
+ *
+ * Auto-normalizes percent-encoded IPv6 hosts in PostgreSQL connection URLs.
+ * A URL like `postgresql://user:pass@2406%3Ada18%3A...%3Ab3c9:5432/db`
+ * becomes `postgresql://user:pass@[2406:da18:...:b3c9]:5432/db` before it
+ * reaches `pg-connection-string` / `pg.Pool`, so DNS resolution sees the
+ * address in its canonical bracketed form.
+ *
+ * Non-IPv6 hosts (IPv4, DNS names, already-bracketed IPv6, partial fragments
+ * that just happen to contain `%3A`) are returned verbatim.
+ */
+/**
+ * Return true if `value` is a valid IPv6 literal in any canonical form:
+ * full 8-group, `::` compression, or IPv4-mapped (`::ffff:1.2.3.4`).
+ * RFC 4007 zone identifiers (`fe80::1%eth0`) are accepted.
+ */
+export declare function isIPv6(value: string): boolean;
+/**
+ * Normalize a PostgreSQL connection URL so IPv6 hosts reach pg in the
+ * canonical bracketed form.
+ *
+ * If the URL's hostname contains a percent-encoded colon AND the decoded
+ * hostname is a valid IPv6 literal, the hostname is decoded and wrapped in
+ * `[...]`. All other fields (scheme, userinfo, port, path, query, fragment)
+ * are preserved byte-for-byte from the input.
+ *
+ * Any URL whose decoded hostname does not validate as IPv6 is returned
+ * verbatim, so a malformed input will surface its usual downstream error
+ * instead of being silently rewritten.
+ */
+export declare function normalizeConnectionUrl(url: string): string;

package/dist/core/connection-url.js

@@ -0,0 +1,77 @@
+/**
+ * Connection URL normalization for pg-delta.
+ *
+ * Auto-normalizes percent-encoded IPv6 hosts in PostgreSQL connection URLs.
+ * A URL like `postgresql://user:pass@2406%3Ada18%3A...%3Ab3c9:5432/db`
+ * becomes `postgresql://user:pass@[2406:da18:...:b3c9]:5432/db` before it
+ * reaches `pg-connection-string` / `pg.Pool`, so DNS resolution sees the
+ * address in its canonical bracketed form.
+ *
+ * Non-IPv6 hosts (IPv4, DNS names, already-bracketed IPv6, partial fragments
+ * that just happen to contain `%3A`) are returned verbatim.
+ */
+// IPv6 detection regex vendored from ip-regex (Sindre Sorhus, MIT).
+// https://github.com/sindresorhus/ip-regex
+const v4 = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:\\.(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}";
+const v6seg = "[a-fA-F\\d]{1,4}";
+const v6 = `
+(?:
+(?:${v6seg}:){7}(?:${v6seg}|:)|
+(?:${v6seg}:){6}(?:${v4}|:${v6seg}|:)|
+(?:${v6seg}:){5}(?::${v4}|(?::${v6seg}){1,2}|:)|
+(?:${v6seg}:){4}(?:(?::${v6seg}){0,1}:${v4}|(?::${v6seg}){1,3}|:)|
+(?:${v6seg}:){3}(?:(?::${v6seg}){0,2}:${v4}|(?::${v6seg}){1,4}|:)|
+(?:${v6seg}:){2}(?:(?::${v6seg}){0,3}:${v4}|(?::${v6seg}){1,5}|:)|
+(?:${v6seg}:){1}(?:(?::${v6seg}){0,4}:${v4}|(?::${v6seg}){1,6}|:)|
+(?::(?:(?::${v6seg}){0,5}:${v4}|(?::${v6seg}){1,7}|:))
+)(?:%[0-9a-zA-Z]{1,})?
+`
+    .replace(/\s*\/\/.*$/gm, "")
+    .replace(/\n/g, "")
+    .trim();
+const V6_EXACT = new RegExp(`^${v6}$`);
+/**
+ * Return true if `value` is a valid IPv6 literal in any canonical form:
+ * full 8-group, `::` compression, or IPv4-mapped (`::ffff:1.2.3.4`).
+ * RFC 4007 zone identifiers (`fe80::1%eth0`) are accepted.
+ */
+export function isIPv6(value) {
+    return typeof value === "string" && V6_EXACT.test(value);
+}
+/**
+ * Normalize a PostgreSQL connection URL so IPv6 hosts reach pg in the
+ * canonical bracketed form.
+ *
+ * If the URL's hostname contains a percent-encoded colon AND the decoded
+ * hostname is a valid IPv6 literal, the hostname is decoded and wrapped in
+ * `[...]`. All other fields (scheme, userinfo, port, path, query, fragment)
+ * are preserved byte-for-byte from the input.
+ *
+ * Any URL whose decoded hostname does not validate as IPv6 is returned
+ * verbatim, so a malformed input will surface its usual downstream error
+ * instead of being silently rewritten.
+ */
+export function normalizeConnectionUrl(url) {
+    const urlObj = new URL(url);
+    // Cheap pre-filter: only look closer if the hostname contains a
+    // percent-encoded colon. Anything else is left entirely untouched.
+    if (!/%3[aA]/.test(urlObj.hostname))
+        return url;
+    const decodedHost = decodeURIComponent(urlObj.hostname);
+    // Authoritative validation: only normalize when the decoded string is a
+    // real IPv6 literal. Rejects partial fragments, random hostnames that
+    // happen to contain `%3A`, and any malformed input.
+    if (!isIPv6(decodedHost))
+        return url;
+    // Preserve username/password/port/path/search/hash exactly as they appear
+    // in the WHATWG URL model (these are returned already percent-encoded).
+    const scheme = `${urlObj.protocol}//`;
+    const auth = urlObj.username
+        ? urlObj.password
+            ? `${urlObj.username}:${urlObj.password}@`
+            : `${urlObj.username}@`
+        : "";
+    const port = urlObj.port ? `:${urlObj.port}` : "";
+    const tail = `${urlObj.pathname}${urlObj.search}${urlObj.hash}`;
+    return `${scheme}${auth}[${decodedHost}]${port}${tail}`;
+}

package/dist/core/export/index.d.ts

@@ -1,7 +1,7 @@
 /**
  * Declarative schema export.
  */
-import type { Integration } from "../integrations/integration.types.ts";
+import { type Integration } from "../integrations/integration.types.ts";
 import type { createPlan } from "../plan/create.ts";
 import type { SqlFormatOptions } from "../plan/sql-format/types.ts";
 import type { DeclarativeSchemaOutput, Grouping } from "./types.ts";
@@ -12,7 +12,7 @@ import type { DeclarativeSchemaOutput, Grouping } from "./types.ts";
 type PlanResult = NonNullable<Awaited<ReturnType<typeof createPlan>>>;
 export interface ExportOptions {
     /** Integration for custom serialization */
-    integration?: Integration;
+    integration?: Pick<Integration, "serialize">;
     /**
      * SQL formatter options to control the output style.
      * Merged on top of the default export options (maxWidth: 180, keywordCase: "upper").

package/dist/core/export/index.js

@@ -2,6 +2,7 @@
  * Declarative schema export.
  */
 import { buildPlanScopeFingerprint, hashStableIds } from "../fingerprint.js";
+import { resolveIntegration, } from "../integrations/integration.types.js";
 import { DEFAULT_OPTIONS } from "../plan/sql-format/constants.js";
 import { formatSqlScript } from "../plan/statements.js";
 import { createFileMapper } from "./file-mapper.js";
@@ -22,7 +23,9 @@ import { groupChangesByFile } from "./grouper.js";
  */
 export function exportDeclarativeSchema(planResult, options) {
     const { ctx, sortedChanges } = planResult;
-    const integration = options?.integration;
+    const integration = options?.integration
+        ? resolveIntegration(options?.integration)
+        : {};
     const formatOptions = options?.formatOptions === null
         ? undefined
         : {

package/dist/core/integrations/integration.types.d.ts

@@ -1,6 +1,31 @@
+import { type FilterDSL } from "./filter/dsl.ts";
 import type { ChangeFilter } from "./filter/filter.types.ts";
+import { type SerializeDSL } from "./serialize/dsl.ts";
 import type { ChangeSerializer } from "./serialize/serialize.types.ts";
-export type Integration = {
+/**
+ * A resolved integration is an integration that has been compiled to a function.
+ */
+export type ResolvedIntegration = {
     filter?: ChangeFilter;
     serialize?: ChangeSerializer;
 };
+/**
+ * A raw integration is an integration that has not been compiled to a function.
+ */
+export type IntegrationDSL = {
+    filter?: FilterDSL;
+    serialize?: SerializeDSL;
+};
+/**
+ * An integration is a raw integration that has not been compiled to a function.
+ */
+export type Integration = {
+    filter?: ResolvedIntegration["filter"] | IntegrationDSL["filter"];
+    serialize?: ResolvedIntegration["serialize"] | IntegrationDSL["serialize"];
+};
+/**
+ * Resolve an integration either DSL or already resovled into a ResolvedIntegration.
+ * @param integration - The integration to resolve.
+ * @returns The resolved integration.
+ */
+export declare function resolveIntegration(integration: Integration): ResolvedIntegration | undefined;

package/dist/core/integrations/integration.types.js

@@ -1 +1,31 @@
-export {};
+import { compileFilterDSL } from "./filter/dsl.js";
+import { compileSerializeDSL } from "./serialize/dsl.js";
+/**
+ * Resolve an integration either DSL or already resovled into a ResolvedIntegration.
+ * @param integration - The integration to resolve.
+ * @returns The resolved integration.
+ */
+export function resolveIntegration(integration) {
+    // Determine if filter/serialize are DSL or functions, and extract DSL for storage
+    const isFilterDSL = integration.filter && typeof integration.filter !== "function";
+    const isSerializeDSL = integration.serialize && typeof integration.serialize !== "function";
+    const filterDSL = isFilterDSL ? integration.filter : undefined;
+    const serializeDSL = isSerializeDSL
+        ? integration.serialize
+        : undefined;
+    // Build final integration: compile DSL if needed, use functions directly otherwise
+    if (integration.filter || integration.serialize) {
+        return {
+            filter: typeof integration.filter === "function"
+                ? integration.filter
+                : filterDSL
+                    ? compileFilterDSL(filterDSL)
+                    : undefined,
+            serialize: typeof integration.serialize === "function"
+                ? integration.serialize
+                : serializeDSL
+                    ? compileSerializeDSL(serializeDSL)
+                    : undefined,
+        };
+    }
+}

package/dist/core/integrations/supabase.js

@@ -13,6 +13,7 @@ const SUPABASE_SYSTEM_SCHEMAS = [
     "_supavisor",
     "auth",
     "cron",
+    "etl",
     "extensions",
     "graphql",
     "graphql_public",

package/dist/core/objects/procedure/procedure.diff.js

@@ -99,6 +99,14 @@ export function diffProcedures(ctx, main, branch) {
         if (nonAlterablePropsChanged) {
             // Replace the entire procedure
             changes.push(new CreateProcedure({ procedure: branchProcedure, orReplace: true }));
+            if (mainProcedure.comment !== branchProcedure.comment) {
+                if (branchProcedure.comment === null) {
+                    changes.push(new DropCommentOnProcedure({ procedure: mainProcedure }));
+                }
+                else {
+                    changes.push(new CreateCommentOnProcedure({ procedure: branchProcedure }));
+                }
+            }
         }
         else {
             // Only alterable properties changed - check each one

package/dist/core/objects/table/changes/table.alter.js

@@ -462,13 +462,16 @@ export class AlterTableAlterColumnSetDefault extends AlterTableChange {
     }
     serialize(_options) {
         const set = this.column.is_generated ? "SET EXPRESSION AS" : "SET DEFAULT";
+        const value = this.column.is_generated
+            ? `(${this.column.default ?? "NULL"})`
+            : (this.column.default ?? "NULL");
         return [
             "ALTER TABLE",
             `${this.table.schema}.${this.table.name}`,
             "ALTER COLUMN",
             this.column.name,
             set,
-            this.column.default ?? "NULL",
+            value,
         ].join(" ");
     }
 }

package/dist/core/objects/table/table.diff.js

@@ -486,9 +486,14 @@ export function diffTables(ctx, main, branch) {
                         // Set new default value
                         const isGeneratedColumn = branchCol.is_generated;
                         const isPostgresLowerThan17 = ctx.version < 170000;
-                        if (isGeneratedColumn && isPostgresLowerThan17) {
+                        const generatedStatusChanged = mainCol.is_generated !== branchCol.is_generated;
+                        if (isGeneratedColumn &&
+                            (isPostgresLowerThan17 || generatedStatusChanged)) {
                             // For generated columns in < PostgreSQL 17, we need to drop and recreate
-                            // instead of using SET EXPRESSION AS for computed columns
+                            // instead of using SET EXPRESSION AS for computed columns. We also
+                            // need to recreate the column when switching between regular and
+                            // generated states because SET EXPRESSION only applies to existing
+                            // generated columns.
                             // cf: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=5d06e99a3
                             // cf: https://www.postgresql.org/docs/release/17.0/
                             // > Allow ALTER TABLE to change a column's generation expression

package/dist/core/plan/create.js

@@ -5,8 +5,7 @@ import { escapeIdentifier } from "pg";
 import { diffCatalogs } from "../catalog.diff.js";
 import { createEmptyCatalog, extractCatalog } from "../catalog.model.js";
 import { buildPlanScopeFingerprint, hashStableIds } from "../fingerprint.js";
-import { compileFilterDSL, } from "../integrations/filter/dsl.js";
-import { compileSerializeDSL, } from "../integrations/serialize/dsl.js";
+import { resolveIntegration, } from "../integrations/integration.types.js";
 import { createManagedPool, endPool } from "../postgres-config.js";
 import { sortChanges } from "../sort/sort-changes.js";
 import { classifyChangesRisk } from "./risk.js";
@@ -103,21 +102,10 @@ function buildPlanForCatalogs(fromCatalog, toCatalog, options = {}) {
         ? serializeOption
         : undefined;
     // Build final integration: compile DSL if needed, use functions directly otherwise
-    let finalIntegration;
-    if (filterOption || serializeOption) {
-        finalIntegration = {
-            filter: typeof filterOption === "function"
-                ? filterOption
-                : filterDSL
-                    ? compileFilterDSL(filterDSL)
-                    : undefined,
-            serialize: typeof serializeOption === "function"
-                ? serializeOption
-                : serializeDSL
-                    ? compileSerializeDSL(serializeDSL)
-                    : undefined,
-        };
-    }
+    const finalIntegration = resolveIntegration({
+        filter: filterOption,
+        serialize: serializeOption,
+    });
     // Use filter from final integration
     const filterFn = finalIntegration?.filter;
     let filteredChanges = filterFn

package/dist/core/plan/types.d.ts

@@ -3,10 +3,7 @@
  */
 import z from "zod";
 import type { Change } from "../change.types.ts";
-import type { FilterDSL } from "../integrations/filter/dsl.ts";
-import type { ChangeFilter } from "../integrations/filter/filter.types.ts";
-import type { SerializeDSL } from "../integrations/serialize/dsl.ts";
-import type { ChangeSerializer } from "../integrations/serialize/serialize.types.ts";
+import type { Integration } from "../integrations/integration.types.ts";
 export type PlanRisk = {
     level: "safe";
 } | {
@@ -133,9 +130,9 @@ export type Plan = z.infer<typeof PlanSchema>;
  */
 export interface CreatePlanOptions {
     /** Filter - either FilterDSL (stored in plan) or ChangeFilter function (not stored) */
-    filter?: FilterDSL | ChangeFilter;
+    filter?: Integration["filter"];
     /** Serialize - either SerializeDSL (stored in plan) or ChangeSerializer function (not stored) */
-    serialize?: SerializeDSL | ChangeSerializer;
+    serialize?: Integration["serialize"];
     /** Role to use when executing the migration (SET ROLE will be added to statements) */
     role?: string;
     /**

package/dist/core/postgres-config.d.ts

@@ -3,6 +3,33 @@
  */
 import type { ClientBase, PoolClient, PoolConfig } from "pg";
 import { Pool } from "pg";
+/**
+ * Return true when `err` represents a transient connect failure that makes
+ * sense to retry with backoff (e.g. refused connections, DNS blips, our own
+ * eager-connect timeout wrapper). Returns false for permanent failures such
+ * as authentication errors, TLS negotiation errors, and `ENOTFOUND`.
+ *
+ * Unknown errors are treated as retryable on purpose: transient-by-default
+ * is safer here because a duplicated retry is strictly cheaper than a spurious
+ * hard failure during catalog extraction.
+ */
+export declare function isRetryableConnectError(err: unknown): boolean;
+/**
+ * Retry an async `connect` operation with bounded exponential backoff.
+ * Stops immediately on a non-retryable error. On exhausted attempts, throws
+ * the last observed error.
+ *
+ * Exposed for testing — production call sites always go through
+ * {@link createManagedPool}.
+ */
+export declare function connectWithRetry<T>(opts: {
+    connect: (attempt: number) => Promise<T>;
+    isRetryable?: (err: unknown) => boolean;
+    maxAttempts?: number;
+    baseBackoffMs?: number;
+    maxBackoffMs?: number;
+    sleep?: (ms: number) => Promise<void>;
+}): Promise<T>;
 /**
  * Options for creating a Pool with event listeners.
  */

package/dist/core/postgres-config.js

@@ -2,6 +2,7 @@
  * PostgreSQL connection configuration with custom type handlers.
  */
 import { escapeIdentifier, Pool, types } from "pg";
+import { normalizeConnectionUrl } from "./connection-url.js";
 import { parseSslConfig } from "./plan/ssl-config.js";
 // ============================================================================
 // Array Parser
@@ -96,6 +97,89 @@ types.setTypeParser(1016, (val) => parseArray(val, parseIntElement)); // int8[]
 const DEFAULT_POOL_MAX = Number(process.env.PGDELTA_POOL_MAX) || 5;
 const DEFAULT_CONNECTION_TIMEOUT_MS = Number(process.env.PGDELTA_CONNECTION_TIMEOUT_MS) || 3_000;
 const DEFAULT_CONNECT_TIMEOUT_MS = Number(process.env.PGDELTA_CONNECT_TIMEOUT_MS) || 2_500;
+const DEFAULT_CONNECT_MAX_ATTEMPTS = Number(process.env.PGDELTA_CONNECT_MAX_ATTEMPTS) || 3;
+const DEFAULT_CONNECT_BASE_BACKOFF_MS = Number(process.env.PGDELTA_CONNECT_BASE_BACKOFF_MS) || 250;
+const DEFAULT_CONNECT_MAX_BACKOFF_MS = Number(process.env.PGDELTA_CONNECT_MAX_BACKOFF_MS) || 1_000;
+// PostgreSQL auth-class SQLSTATE codes: not retryable.
+const NON_RETRYABLE_PG_CODES = new Set([
+    "28000", // invalid_authorization_specification
+    "28P01", // invalid_password
+    "28P02", // pgdelta: alias reserved here to future-proof against new auth codes
+]);
+// Non-retryable TLS/SSL markers. The `pg` driver surfaces TLS failures as
+// either plain Node `Error` instances with a code on `ERR_TLS_*` or error
+// messages that include well-known cert/TLS terminology; we match both
+// because node-pg normalises some of these.
+const TLS_MESSAGE_MARKERS = [
+    "self-signed certificate",
+    "self signed certificate",
+    "unable to verify the first certificate",
+    "certificate has expired",
+    "tls",
+    "ssl",
+];
+/**
+ * Return true when `err` represents a transient connect failure that makes
+ * sense to retry with backoff (e.g. refused connections, DNS blips, our own
+ * eager-connect timeout wrapper). Returns false for permanent failures such
+ * as authentication errors, TLS negotiation errors, and `ENOTFOUND`.
+ *
+ * Unknown errors are treated as retryable on purpose: transient-by-default
+ * is safer here because a duplicated retry is strictly cheaper than a spurious
+ * hard failure during catalog extraction.
+ */
+export function isRetryableConnectError(err) {
+    if (!(err instanceof Error))
+        return true;
+    const code = err.code;
+    if (code && NON_RETRYABLE_PG_CODES.has(code))
+        return false;
+    if (code === "ENOTFOUND")
+        return false;
+    if (code && typeof code === "string" && code.startsWith("ERR_TLS")) {
+        return false;
+    }
+    const message = err.message?.toLowerCase() ?? "";
+    // Our own eager-connect timeout wrapper is retryable (flaky network).
+    if (message.includes("timed out after"))
+        return true;
+    for (const marker of TLS_MESSAGE_MARKERS) {
+        if (message.includes(marker))
+            return false;
+    }
+    return true;
+}
+/**
+ * Retry an async `connect` operation with bounded exponential backoff.
+ * Stops immediately on a non-retryable error. On exhausted attempts, throws
+ * the last observed error.
+ *
+ * Exposed for testing — production call sites always go through
+ * {@link createManagedPool}.
+ */
+export async function connectWithRetry(opts) {
+    const maxAttempts = opts.maxAttempts ?? DEFAULT_CONNECT_MAX_ATTEMPTS;
+    const baseBackoffMs = opts.baseBackoffMs ?? DEFAULT_CONNECT_BASE_BACKOFF_MS;
+    const maxBackoffMs = opts.maxBackoffMs ?? DEFAULT_CONNECT_MAX_BACKOFF_MS;
+    const isRetryable = opts.isRetryable ?? isRetryableConnectError;
+    const sleep = opts.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+    let lastError;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+        try {
+            return await opts.connect(attempt);
+        }
+        catch (err) {
+            lastError = err;
+            if (attempt >= maxAttempts || !isRetryable(err)) {
+                throw err;
+            }
+            const backoff = Math.min(baseBackoffMs * 2 ** (attempt - 1), maxBackoffMs);
+            await sleep(backoff);
+        }
+    }
+    // Unreachable: loop either returns or throws.
+    throw lastError;
+}
 /**
  * Create a Pool with custom type handlers and optional event listeners.
  */
@@ -180,7 +264,11 @@ export function createPool(connectionString, options) {
  * to close (via {@link endPool}).
  */
 export async function createManagedPool(url, options) {
-    const sslConfig = await parseSslConfig(url, options?.label ?? "target");
+    // Normalize percent-encoded IPv6 hosts (e.g. `2406%3A...%3Ab3c9`) into the
+    // canonical bracketed form before the URL reaches `parseSslConfig` or pg.
+    // Non-IPv6 hosts are returned unchanged.
+    const normalizedUrl = normalizeConnectionUrl(url);
+    const sslConfig = await parseSslConfig(normalizedUrl, options?.label ?? "target");
     const pool = createPool(sslConfig.cleanedUrl, {
         ...(sslConfig.ssl !== undefined ? { ssl: sslConfig.ssl } : {}),
         onError: (err) => {
@@ -197,15 +285,19 @@ export async function createManagedPool(url, options) {
     });
     // Eagerly validate connectivity so SSL/auth failures surface immediately
     // instead of hanging on the first real query. node-pg's connectionTimeoutMillis
-    // is not reliably enforced under Bun when SSL negotiation hangs.
+    // is not reliably enforced under Bun when SSL negotiation hangs. Transient
+    // failures (refused connections, flaky DNS, our own timeout wrapper) are
+    // retried with bounded exponential backoff; auth/TLS/ENOTFOUND fail fast.
     const label = options?.label ?? "target";
     const timeoutMs = DEFAULT_CONNECT_TIMEOUT_MS;
     try {
-        const client = await Promise.race([
-            pool.connect(),
-            new Promise((_, reject) => setTimeout(() => reject(new Error(`Connection to ${label} database timed out after ${timeoutMs}ms. ` +
-                `The server may require SSL, use an invalid certificate, or be unreachable.`)), timeoutMs)),
-        ]);
+        const client = await connectWithRetry({
+            connect: () => Promise.race([
+                pool.connect(),
+                new Promise((_, reject) => setTimeout(() => reject(new Error(`Connection to ${label} database timed out after ${timeoutMs}ms. ` +
+                    `The server may require SSL, use an invalid certificate, or be unreachable.`)), timeoutMs)),
+            ]),
+        });
         client.release();
     }
     catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/pg-delta",
-  "version": "1.0.0-alpha.12",
+  "version": "1.0.0-alpha.14",
   "description": "PostgreSQL migrations made easy",
   "type": "module",
   "sideEffects": false,
@@ -72,6 +72,7 @@
     "format-and-lint": "biome check . --error-on-warnings",
     "knip": "knip",
     "pgdelta": "bun src/cli/bin/cli.ts",
+    "sync-base-images": "bun scripts/sync-supabase-base-images.ts",
     "test": "bun scripts/run-tests.ts",
     "test:unit": "bun run test src/",
     "test:integration": "bun run test tests/",