@wix/ecom
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@wix/auto_sdk_ecom_wishlists | AI (dependencies): Internal Wix SDK dependency published by the same trusted CI pipeline; consistent with this package's automated release pattern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Wix mass-produced SDK package; templated naming, no description, and no repo URL are stable traits of this publisher's packages. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): Wix CI automated pipeline regularly publishes SDK packages in rapid succession; stable pattern for this publisher. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Wix internal SDK package; missing description is a stable pattern across its many versions. | ai | |
| provenance | no-provenance | AI (provenance): Wix CI publisher consistently publishes without provenance; stable pattern for this package family. | ai |
Versions (showing 51 of 999)
| Version | Deps | Published |
|---|---|---|
| 1.0.2154 | 55 / 3 | |
| 1.0.2153 | 55 / 3 | |
| 1.0.2151 | 55 / 3 | |
| 1.0.2147 | 55 / 3 | |
| 1.0.2114 | 55 / 3 | |
| 1.0.2113 | 55 / 3 | |
| 1.0.2105 | 55 / 3 | |
| 1.0.2104 | 54 / 3 | |
| 1.0.2103 | 54 / 3 | |
| 1.0.2102 | 54 / 3 | |
| 1.0.2101 | 54 / 3 | |
| 1.0.2100 | 54 / 3 | |
| 1.0.2099 | 54 / 3 | |
| 1.0.2098 | 54 / 3 | |
| 1.0.2097 | 54 / 3 | |
| 1.0.2096 | 54 / 3 | |
| 1.0.2095 | 54 / 3 | |
| 1.0.2094 | 54 / 3 | |
| 1.0.2093 | 54 / 3 | |
| 1.0.2092 | 54 / 3 | |
| 1.0.2091 | 54 / 3 | |
| 1.0.2090 | 54 / 3 | |
| 1.0.2089 | 54 / 3 | |
| 1.0.2088 | 54 / 3 | |
| 1.0.2087 | 54 / 3 | |
| 1.0.2086 | 54 / 3 | |
| 1.0.2085 | 54 / 3 | |
| 1.0.2084 | 54 / 3 | |
| 1.0.2083 | 54 / 3 | |
| 1.0.2082 | 54 / 3 | |
| 1.0.2081 | 54 / 3 | |
| 1.0.2080 | 54 / 3 | |
| 1.0.2079 | 54 / 3 | |
| 1.0.2078 | 54 / 3 | |
| 1.0.2077 | 54 / 3 | |
| 1.0.2076 | 54 / 3 | |
| 1.0.2075 | 54 / 3 | |
| 1.0.2074 | 54 / 3 | |
| 1.0.2073 | 54 / 3 | |
| 1.0.2072 | 54 / 3 | |
| 1.0.2071 | 54 / 3 | |
| 1.0.2070 | 54 / 3 | |
| 1.0.2069 | 54 / 3 | |
| 1.0.2068 | 54 / 3 | |
| 1.0.2067 | 54 / 3 | |
| 1.0.2066 | 54 / 3 | |
| 1.0.2065 | 54 / 3 | |
| 1.0.2064 | 54 / 3 | |
| 1.0.2063 | 54 / 3 | |
| 1.0.2062 | 54 / 3 | |
| 1.0.2061 | 54 / 3 |
v1.0.2154
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2153
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2151
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2147
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2114
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2113
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2105
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2104
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2103
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2102
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2101
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2100
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2099
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2098
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2097
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2096
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2095
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2094
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2093
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2092
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2091
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2090
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2089
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2088
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2087
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2086
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2085
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2084
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2083
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2082
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2081
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2080
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2079
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2078
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2077
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2076
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2075
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2074
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2073
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2072
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2071
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2070
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2069
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2068
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2067
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2066
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2065
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2064
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2063
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2062
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2061
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.