@wix/bookings — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yoavwix-cishahatawixnpmwix-ambassadorwix-ci-publisherwix-bi-publishergalil-teamusability-sessionsyurynixydanivmayacoamitde007haimbrum-wixyoungshinobiethanpshlomitc-wixarielhwix-org-headlessfalconcinadavlacroir-wixdorchaouat

Keywords

wixSdkBackendModulewixSdkPageModulewixSdkPublicModule

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@wix/auto_sdk_bookings_catalog-search	AI (dependencies): Internal Wix scoped dependency; consistent with other accepted Wix auto_sdk deps in this package.	ai	2026/06/11
publish-pattern	rapid-publish	AI (publish-pattern): Wix CI automated publishing pipeline; rapid publishes are normal for this publisher.	ai	2026/06/11
dependencies	unvetted-dep:@wix/auto_sdk_bookings_attribute-definition	AI (dependencies): Wix-scoped auto-generated SDK dep; consistent with this package's established pattern.	ai	2026/06/08
dependencies	unvetted-dep:@wix/auto_sdk_bookings_related-products	AI (dependencies): Wix-scoped auto-generated SDK dep; consistent with this package's established pattern.	ai	2026/06/08
dependencies	unvetted-dep:@wix/auto_sdk_bookings_attribute-value	AI (dependencies): Wix-scoped auto-generated SDK dep; consistent with this package's established pattern.	ai	2026/06/08
dependencies	unvetted-dep:@wix/auto_sdk_bookings_time-slots-configuration	AI (dependencies): Wix-namespaced dep added by trusted wix-ci-publisher; consistent with Wix's auto-SDK generation pattern.	ai	2026/06/04
maintainer-change	maintainer-removed	AI (maintainer-change): Paired with maintainer-added; consistent with Wix internal team changes, not a takeover signal.	ai	2026/06/01
maintainer-change	maintainer-added	AI (maintainer-change): Wix internal team rotation; wix-ci-publisher CI pipeline publishes consistently across thousands of packages.	ai	2026/06/01
phantom-deps	phantom-dep:@wix/bookings_app-extensions	AI (phantom-deps): Same-org dependency declared in package.json; phantom-dep heuristic is a false positive for this SDK aggregator pattern.	ai	2026/05/31
provenance	no-provenance	AI (provenance): Wix CI publisher does not use Sigstore provenance; stable pattern across all their packages.	ai	2026/05/26
bogus-package	bogus-package	AI (bogus-package): Wix internal monorepo package; missing metadata is a known pattern across their 2000+ published packages.	ai	2026/05/26
npm-metadata	no-description	AI (npm-metadata): Consistent with Wix internal package publishing pattern; not a malicious indicator here.	ai	2026/05/26
dependencies	unvetted-dep:@wix/auto_sdk_bookings_resource-types	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_external-calendars	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-member-settings	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_booking-policy-snapshots	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_service-options-and-variants	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_categories-v-2	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-sorting	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-members	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_booking-fees	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_categories	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_attendance	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_add-ons	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/bookings_app-extensions	AI (dependencies): Internal Wix namespace dependency; consistent with Wix SDK auto-generation pattern.	ai	2026/05/22
dependencies	unvetted-dep:@wix/headless-bookings	AI (dependencies): Internal Wix namespace dependency; consistent with Wix SDK auto-generation pattern across all versions.	ai	2026/05/22

Versions (showing 51 of 51)

Version	Deps	Published
1.0.1418	33 / 3	2026-06-10
1.0.1414	33 / 3	2026-06-09
1.0.1412	32 / 3	2026-06-07
1.0.1409	29 / 3	2026-06-03
1.0.1408	29 / 3	2026-06-01
1.0.1397	28 / 3	2026-05-24
1.0.1383	27 / 3	2026-05-11
1.0.1374	27 / 3	2026-04-29
1.0.1358	26 / 3	2026-04-19
1.0.1343	25 / 3	2026-03-30
1.0.1316	25 / 3	2026-02-27
1.0.1311	25 / 3	2026-02-25
1.0.1304	25 / 3	2026-02-22
1.0.1266	25 / 3	2026-01-18
1.0.1240	25 / 3	2026-01-06
1.0.1151	22 / 3	2025-11-18
1.0.1149	22 / 3	2025-11-17
1.0.1134	22 / 3	2025-11-11
1.0.1127	22 / 3	2025-11-06
1.0.1116	22 / 3	2025-10-31
1.0.1098	22 / 3	2025-10-21
1.0.1034	20 / 2	2025-08-24
1.0.1020	20 / 2	2025-08-18
1.0.1016	20 / 2	2025-08-13
1.0.1013	20 / 2	2025-08-13
1.0.1009	20 / 2	2025-08-12
1.0.991	20 / 2	2025-08-07
1.0.969	20 / 2	2025-07-24
1.0.968	20 / 2	2025-07-24
1.0.939	20 / 2	2025-07-13
1.0.936	20 / 2	2025-07-10
1.0.929	20 / 2	2025-07-03
1.0.927	20 / 2	2025-07-02
1.0.925	20 / 2	2025-07-01
1.0.918	20 / 2	2025-06-25
1.0.906	20 / 2	2025-06-12
1.0.897	20 / 2	2025-06-11
1.0.896	20 / 2	2025-06-10
1.0.891	20 / 2	2025-06-05
1.0.885	20 / 2	2025-06-05
1.0.882	20 / 2	2025-06-04
1.0.876	20 / 1	2025-06-03
1.0.865	20 / 1	2025-05-26
1.0.856	19 / 1	2025-05-22
1.0.854	19 / 1	2025-05-22
1.0.850	19 / 1	2025-05-22
1.0.844	19 / 1	2025-05-21
1.0.842	19 / 1	2025-05-21
1.0.839	19 / 1	2025-05-20
1.0.822	19 / 1	2025-05-13
1.0.771	19 / 1	2025-05-04

v1.0.1418

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1414

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1412

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1409

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1408

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1397

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1383

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1358

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1343

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1316

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1311

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1304

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1266

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1240

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1151

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1149

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1134

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1127

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1116

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1098

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1034

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1020

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1016

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1013

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1009

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.991

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.969

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.968

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.939

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.936

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.929

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.927

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.925

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.918

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.906

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.897

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.896

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.891

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.885

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.882

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.876

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.865

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.856

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.854

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.850

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.844

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.842

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.839

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.822

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.771

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.