Thanks for considering a contribution. This project is a reusable auth module, so the bar for changes is: does this make it more correct, more secure, or more portable across projects — not just "more features."
- Fork the repo and clone your fork
npm install- Follow the README setup steps to connect a Supabase project (you'll need your own for local development)
- Create a branch off
main:git checkout -b fix/short-description
fix/...— bug fixesfeat/...— new functionalitydocs/...— documentation-only changeschore/...— tooling, deps, CI
Keep them short and in the imperative mood, e.g.:
Fix password toggle overriding controlled type prop
Add rate limiting note to login server action
-
npm run lintpasses -
npm run buildsucceeds - You tested the signup, login, and Google OAuth flows manually against a real Supabase project (there's no test suite yet — see "Testing" below)
- Any new env vars or Supabase setup steps are added to
.env.local.exampleand the README's setup section - No secrets, API keys, or
.env.localvalues are committed
- TypeScript throughout; avoid
any - Server Actions validate input independently of client-side checks — never
trust client validation alone (see
app/(auth)/actions.tsfor the pattern) - Match existing component structure: shadcn/ui primitives in
components/ui/, feature components incomponents/auth/ - Keep components accessible: proper labels, ARIA attributes on dynamic states, keyboard operability — this is an auth form, it needs to work for everyone
There's no automated test suite yet. If you're adding one (very welcome), open an issue first to align on the approach (Playwright for e2e auth flows is a reasonable default) before investing significant time.
Open a GitHub issue with:
- What you expected vs. what happened
- Steps to reproduce (for bugs)
- Whether it's specific to a Supabase config or general to the module
Open an issue with the question label, or start a discussion if the repo
has GitHub Discussions enabled.