@wix/stores
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Wix internal monorepo package; mass-production naming and missing metadata are expected for this publisher's packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal Wix package; missing description is stable pattern for internal tooling. | ai | |
| provenance | no-provenance | AI (provenance): Provenance adoption is sparse across npm; not a signal for this established package. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_brands-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_collections | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_ribbons-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_products-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_abandoned-carts | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_info-sections-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/headless-stores | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_customizations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-imports-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_inventory-items-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_stores-locations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_read-only-variants-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-versioning | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/stores_app-extensions | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_wishlist | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai |
Versions (showing 100 of 385)
| Version | Deps | Published |
|---|---|---|
| 1.0.619 | 18 / 3 | |
| 1.0.618 | 18 / 3 | |
| 1.0.617 | 18 / 3 | |
| 1.0.616 | 18 / 3 | |
| 1.0.615 | 18 / 3 | |
| 1.0.614 | 18 / 3 | |
| 1.0.613 | 18 / 3 | |
| 1.0.612 | 18 / 3 | |
| 1.0.611 | 18 / 3 | |
| 1.0.610 | 18 / 3 | |
| 1.0.609 | 18 / 3 | |
| 1.0.608 | 18 / 3 | |
| 1.0.607 | 18 / 3 | |
| 1.0.606 | 18 / 3 | |
| 1.0.605 | 18 / 3 | |
| 1.0.604 | 18 / 3 | |
| 1.0.603 | 18 / 3 | |
| 1.0.602 | 18 / 3 | |
| 1.0.601 | 18 / 3 | |
| 1.0.600 | 18 / 3 | |
| 1.0.599 | 18 / 3 | |
| 1.0.598 | 18 / 3 | |
| 1.0.597 | 18 / 3 | |
| 1.0.596 | 18 / 3 | |
| 1.0.595 | 18 / 3 | |
| 1.0.594 | 18 / 3 | |
| 1.0.593 | 18 / 3 | |
| 1.0.592 | 18 / 3 | |
| 1.0.591 | 18 / 3 | |
| 1.0.590 | 18 / 3 | |
| 1.0.589 | 18 / 3 | |
| 1.0.588 | 18 / 3 | |
| 1.0.587 | 18 / 3 | |
| 1.0.586 | 18 / 3 | |
| 1.0.585 | 18 / 3 | |
| 1.0.584 | 18 / 3 | |
| 1.0.583 | 18 / 3 | |
| 1.0.582 | 18 / 3 | |
| 1.0.581 | 18 / 3 | |
| 1.0.580 | 18 / 3 | |
| 1.0.579 | 18 / 3 | |
| 1.0.578 | 18 / 3 | |
| 1.0.577 | 18 / 3 | |
| 1.0.576 | 18 / 3 | |
| 1.0.575 | 18 / 3 | |
| 1.0.574 | 18 / 3 | |
| 1.0.573 | 18 / 3 | |
| 1.0.572 | 18 / 3 | |
| 1.0.571 | 18 / 3 | |
| 1.0.570 | 18 / 3 | |
| 1.0.569 | 18 / 3 | |
| 1.0.568 | 18 / 3 | |
| 1.0.567 | 18 / 3 | |
| 1.0.566 | 18 / 3 | |
| 1.0.563 | 18 / 3 | |
| 1.0.562 | 18 / 3 | |
| 1.0.561 | 18 / 3 | |
| 1.0.560 | 18 / 3 | |
| 1.0.559 | 18 / 3 | |
| 1.0.558 | 18 / 3 | |
| 1.0.557 | 18 / 3 | |
| 1.0.556 | 18 / 3 | |
| 1.0.555 | 18 / 3 | |
| 1.0.554 | 18 / 3 | |
| 1.0.553 | 18 / 3 | |
| 1.0.552 | 18 / 3 | |
| 1.0.551 | 18 / 3 | |
| 1.0.550 | 18 / 3 | |
| 1.0.549 | 18 / 3 | |
| 1.0.548 | 18 / 3 | |
| 1.0.547 | 18 / 3 | |
| 1.0.546 | 18 / 3 | |
| 1.0.545 | 18 / 3 | |
| 1.0.544 | 18 / 3 | |
| 1.0.543 | 18 / 3 | |
| 1.0.542 | 18 / 3 | |
| 1.0.541 | 18 / 3 | |
| 1.0.540 | 18 / 3 | |
| 1.0.539 | 18 / 3 | |
| 1.0.538 | 18 / 3 | |
| 1.0.537 | 18 / 3 | |
| 1.0.536 | 18 / 3 | |
| 1.0.535 | 18 / 3 | |
| 1.0.534 | 18 / 3 | |
| 1.0.533 | 18 / 3 | |
| 1.0.532 | 18 / 3 | |
| 1.0.531 | 18 / 3 | |
| 1.0.530 | 18 / 2 | |
| 1.0.529 | 18 / 2 | |
| 1.0.528 | 18 / 2 | |
| 1.0.527 | 18 / 2 | |
| 1.0.526 | 18 / 3 | |
| 1.0.525 | 18 / 3 | |
| 1.0.524 | 18 / 3 | |
| 1.0.523 | 18 / 3 | |
| 1.0.522 | 18 / 3 | |
| 1.0.521 | 18 / 3 | |
| 1.0.520 | 18 / 3 | |
| 1.0.519 | 18 / 3 | |
| 1.0.518 | 18 / 3 |
v1.0.619
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.618
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.617
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.616
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.615
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.614
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.613
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.610
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.609
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.608
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.607
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.606
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.605
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.604
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.603
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.602
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.601
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.600
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.599
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.598
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.597
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.596
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.595
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.594
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.593
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.592
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.591
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.590
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.589
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.588
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.587
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.586
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.585
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.584
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.583
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.582
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.581
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.580
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.579
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.578
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.577
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.576
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.575
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.574
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.573
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.572
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.571
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.570
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.569
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.568
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.567
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.566
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.563
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.562
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.561
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.560
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.559
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.558
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.557
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.556
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.555
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.554
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.553
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.552
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.551
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.550
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.549
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.548
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.547
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.546
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.545
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.544
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.543
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.542
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.541
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.540
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.539
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.538
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.537
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.536
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.535
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.534
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.533
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.532
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.531
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.530
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.529
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.528
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.527
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.526
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.525
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.521
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.520
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.519
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.518
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.