@supabase/ssr .not('col', 'in', array) Filter Generates Invalid URL Parameter (Missing Parentheses) #105
Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Environment:
Library: @supabase/ssr (used via createBrowserClient) or potentially underlying @supabase/supabase-js
Version @supabase/ssr: 0.5.2
Version @supabase/supabase-js: 2.49.1
Version Next.js: 15.2.4
Version Node: 18.20.7
Framework: Next.js App Router
Context: Client Component ('use client') using the browser client (supabaseBrowser)
Bug Description:
When using the Supabase JavaScript client's .not() filter with the in operator and passing a JavaScript array as the value (e.g., .not('id', 'in', ['uuid1', 'uuid2'])), the generated HTTP request URL for the Supabase (PostgREST) API is malformed.
The client library appears to be omitting the required parentheses () around the comma-separated list of values in the URL parameter.
Steps to Reproduce:
Initialize a Supabase client using createBrowserClient from @supabase/ssr (or potentially createClient from @supabase/supabase-js) for client-side use in a Next.js component.
Define a valid JavaScript array containing multiple values (e.g., UUID strings):
const excludedIds = ['e3d86614-0960-1d0d-af41-f38eb1710821', '5ba6c913-11df-159d-a1fe-dc251d9f2fd9', /* ...more ids */ ];
Execute a query using the .not('columnName', 'in', arrayVariable) filter:
const { data, error } = await supabaseBrowser
.from('your_table_name')
.select('id') // Select any column
.in('some_other_column', [val1, val2]) // Include other filters that work
.not('id', 'in', excludedIds); // This filter causes the error
Expected Result:
The Supabase client should generate a URL query parameter like id=not.in.(uuid1,uuid2,...). The query should execute successfully on the Supabase backend (PostgREST), returning rows where the id is not in the provided list, or returning an empty set if all matching rows have IDs in the list.
Actual Result:
The Supabase (PostgREST) API returns a 400 Bad Request error with the code PGRST100 and a message indicating a parsing failure:
{
"code": "PGRST100",
"details": "unexpected "e" expecting "("", // Or similar depending on the first value
"message": ""failed to parse filter (not.in.uuid1,uuid2,...)" (line 1, column 8)"
}
This indicates the URL parameter was likely generated as id=not.in.uuid1,uuid2,... (missing parentheses), which the backend cannot parse.
Workaround:
Removing the .not('id', 'in', excludedIds) filter allows the rest of the query (including .in() filters) to succeed, confirming the issue is isolated to the not.in. filter implementation with an array value in the client library.