@wix/stores
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Wix internal monorepo package; mass-production naming and missing metadata are expected for this publisher's packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal Wix package; missing description is stable pattern for internal tooling. | ai | |
| provenance | no-provenance | AI (provenance): Provenance adoption is sparse across npm; not a signal for this established package. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_brands-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_collections | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_ribbons-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_products-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_abandoned-carts | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_info-sections-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/headless-stores | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_customizations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-imports-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_inventory-items-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_stores-locations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_read-only-variants-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-versioning | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/stores_app-extensions | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_wishlist | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai |
Versions (showing 85 of 385)
| Version | Deps | Published |
|---|---|---|
| 1.0.517 | 18 / 3 | |
| 1.0.516 | 18 / 3 | |
| 1.0.515 | 18 / 3 | |
| 1.0.514 | 18 / 3 | |
| 1.0.513 | 18 / 3 | |
| 1.0.512 | 18 / 3 | |
| 1.0.511 | 18 / 3 | |
| 1.0.510 | 18 / 3 | |
| 1.0.509 | 17 / 3 | |
| 1.0.508 | 17 / 3 | |
| 1.0.507 | 17 / 3 | |
| 1.0.506 | 17 / 3 | |
| 1.0.505 | 17 / 3 | |
| 1.0.504 | 17 / 3 | |
| 1.0.503 | 17 / 3 | |
| 1.0.502 | 17 / 3 | |
| 1.0.501 | 17 / 3 | |
| 1.0.500 | 17 / 3 | |
| 1.0.499 | 17 / 3 | |
| 1.0.498 | 17 / 3 | |
| 1.0.497 | 17 / 3 | |
| 1.0.496 | 17 / 3 | |
| 1.0.495 | 17 / 3 | |
| 1.0.494 | 17 / 3 | |
| 1.0.493 | 17 / 3 | |
| 1.0.492 | 17 / 3 | |
| 1.0.491 | 17 / 3 | |
| 1.0.490 | 17 / 3 | |
| 1.0.489 | 17 / 3 | |
| 1.0.488 | 17 / 3 | |
| 1.0.487 | 17 / 3 | |
| 1.0.486 | 17 / 3 | |
| 1.0.485 | 16 / 2 | |
| 1.0.484 | 16 / 2 | |
| 1.0.483 | 16 / 2 | |
| 1.0.482 | 16 / 2 | |
| 1.0.481 | 16 / 2 | |
| 1.0.480 | 16 / 2 | |
| 1.0.479 | 16 / 2 | |
| 1.0.478 | 16 / 2 | |
| 1.0.477 | 16 / 2 | |
| 1.0.476 | 16 / 2 | |
| 1.0.475 | 16 / 2 | |
| 1.0.474 | 16 / 2 | |
| 1.0.473 | 16 / 2 | |
| 1.0.472 | 16 / 2 | |
| 1.0.471 | 16 / 2 | |
| 1.0.470 | 16 / 2 | |
| 1.0.469 | 16 / 2 | |
| 1.0.468 | 16 / 2 | |
| 1.0.467 | 16 / 2 | |
| 1.0.466 | 16 / 2 | |
| 1.0.465 | 16 / 2 | |
| 1.0.464 | 16 / 2 | |
| 1.0.463 | 16 / 2 | |
| 1.0.462 | 16 / 2 | |
| 1.0.461 | 16 / 2 | |
| 1.0.460 | 16 / 1 | |
| 1.0.459 | 16 / 1 | |
| 1.0.458 | 16 / 1 | |
| 1.0.457 | 16 / 1 | |
| 1.0.456 | 16 / 1 | |
| 1.0.455 | 16 / 1 | |
| 1.0.454 | 16 / 1 | |
| 1.0.453 | 16 / 1 | |
| 1.0.452 | 16 / 1 | |
| 1.0.451 | 16 / 1 | |
| 1.0.450 | 16 / 1 | |
| 1.0.449 | 16 / 1 | |
| 1.0.448 | 16 / 1 | |
| 1.0.447 | 16 / 1 | |
| 1.0.446 | 16 / 1 | |
| 1.0.445 | 16 / 1 | |
| 1.0.444 | 16 / 1 | |
| 1.0.443 | 16 / 1 | |
| 1.0.442 | 16 / 1 | |
| 1.0.441 | 16 / 1 | |
| 1.0.440 | 15 / 1 | |
| 1.0.439 | 15 / 1 | |
| 1.0.438 | 15 / 1 | |
| 1.0.437 | 15 / 1 | |
| 1.0.436 | 15 / 1 | |
| 1.0.435 | 15 / 1 | |
| 1.0.434 | 15 / 1 | |
| 1.0.433 | 15 / 1 |
v1.0.517
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.516
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.515
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.514
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.513
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.512
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.511
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.510
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.509
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.508
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.507
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.506
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.505
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.504
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.503
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.502
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.501
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.500
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.499
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.498
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.497
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.496
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.495
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.494
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.493
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.492
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.491
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.490
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.489
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.488
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.487
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.486
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.485
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.484
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.483
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.482
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.481
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.480
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.479
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.478
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.477
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.476
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.475
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.474
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.473
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.472
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.471
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.470
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.469
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.468
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.467
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.466
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.465
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.464
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.463
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.462
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.461
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.460
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.459
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.458
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.457
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.456
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.455
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.454
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.453
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.452
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.451
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.450
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.449
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.448
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.447
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.446
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.445
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.444
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.443
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.442
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.441
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.440
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.439
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.438
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.437
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.436
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.435
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.434
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.433
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.