@wix/stores
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Wix internal monorepo package; mass-production naming and missing metadata are expected for this publisher's packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal Wix package; missing description is stable pattern for internal tooling. | ai | |
| provenance | no-provenance | AI (provenance): Provenance adoption is sparse across npm; not a signal for this established package. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_brands-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_collections | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_ribbons-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_products-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_abandoned-carts | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_info-sections-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/headless-stores | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_customizations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-imports-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_inventory-items-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_stores-locations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_read-only-variants-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-versioning | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/stores_app-extensions | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_wishlist | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai |
Versions (showing 100 of 385)
| Version | Deps | Published |
|---|---|---|
| 1.0.719 | 18 / 3 | |
| 1.0.718 | 18 / 3 | |
| 1.0.717 | 18 / 3 | |
| 1.0.716 | 18 / 3 | |
| 1.0.715 | 18 / 3 | |
| 1.0.714 | 18 / 3 | |
| 1.0.713 | 18 / 3 | |
| 1.0.712 | 18 / 3 | |
| 1.0.711 | 18 / 3 | |
| 1.0.710 | 18 / 3 | |
| 1.0.709 | 18 / 3 | |
| 1.0.708 | 18 / 3 | |
| 1.0.707 | 18 / 3 | |
| 1.0.706 | 18 / 3 | |
| 1.0.705 | 18 / 3 | |
| 1.0.704 | 18 / 3 | |
| 1.0.703 | 18 / 3 | |
| 1.0.702 | 18 / 3 | |
| 1.0.701 | 18 / 3 | |
| 1.0.700 | 18 / 3 | |
| 1.0.699 | 18 / 3 | |
| 1.0.698 | 18 / 3 | |
| 1.0.697 | 18 / 3 | |
| 1.0.696 | 18 / 3 | |
| 1.0.695 | 18 / 3 | |
| 1.0.694 | 18 / 3 | |
| 1.0.693 | 18 / 3 | |
| 1.0.692 | 18 / 3 | |
| 1.0.691 | 18 / 3 | |
| 1.0.690 | 18 / 3 | |
| 1.0.689 | 18 / 3 | |
| 1.0.688 | 18 / 3 | |
| 1.0.687 | 18 / 3 | |
| 1.0.686 | 18 / 3 | |
| 1.0.685 | 18 / 3 | |
| 1.0.684 | 18 / 3 | |
| 1.0.683 | 18 / 3 | |
| 1.0.682 | 18 / 3 | |
| 1.0.681 | 18 / 3 | |
| 1.0.680 | 18 / 3 | |
| 1.0.679 | 18 / 3 | |
| 1.0.678 | 18 / 3 | |
| 1.0.677 | 18 / 3 | |
| 1.0.676 | 18 / 3 | |
| 1.0.675 | 18 / 3 | |
| 1.0.674 | 18 / 3 | |
| 1.0.673 | 18 / 3 | |
| 1.0.672 | 18 / 3 | |
| 1.0.671 | 18 / 3 | |
| 1.0.670 | 18 / 3 | |
| 1.0.669 | 18 / 3 | |
| 1.0.668 | 18 / 3 | |
| 1.0.667 | 18 / 3 | |
| 1.0.666 | 18 / 3 | |
| 1.0.665 | 18 / 3 | |
| 1.0.664 | 18 / 3 | |
| 1.0.663 | 18 / 3 | |
| 1.0.662 | 18 / 3 | |
| 1.0.661 | 18 / 3 | |
| 1.0.660 | 18 / 3 | |
| 1.0.659 | 18 / 3 | |
| 1.0.658 | 18 / 3 | |
| 1.0.657 | 18 / 3 | |
| 1.0.656 | 18 / 3 | |
| 1.0.655 | 18 / 3 | |
| 1.0.654 | 18 / 3 | |
| 1.0.653 | 18 / 3 | |
| 1.0.652 | 18 / 3 | |
| 1.0.651 | 18 / 3 | |
| 1.0.650 | 18 / 3 | |
| 1.0.649 | 18 / 3 | |
| 1.0.648 | 18 / 3 | |
| 1.0.647 | 18 / 3 | |
| 1.0.646 | 18 / 3 | |
| 1.0.645 | 18 / 3 | |
| 1.0.644 | 18 / 3 | |
| 1.0.643 | 18 / 3 | |
| 1.0.642 | 18 / 3 | |
| 1.0.641 | 18 / 3 | |
| 1.0.640 | 18 / 3 | |
| 1.0.639 | 18 / 3 | |
| 1.0.638 | 18 / 3 | |
| 1.0.637 | 18 / 3 | |
| 1.0.636 | 18 / 3 | |
| 1.0.635 | 18 / 3 | |
| 1.0.634 | 18 / 3 | |
| 1.0.633 | 18 / 3 | |
| 1.0.632 | 18 / 3 | |
| 1.0.631 | 18 / 3 | |
| 1.0.630 | 18 / 3 | |
| 1.0.629 | 18 / 3 | |
| 1.0.628 | 18 / 3 | |
| 1.0.627 | 18 / 3 | |
| 1.0.626 | 18 / 3 | |
| 1.0.625 | 18 / 3 | |
| 1.0.624 | 18 / 3 | |
| 1.0.623 | 18 / 3 | |
| 1.0.622 | 18 / 3 | |
| 1.0.621 | 18 / 3 | |
| 1.0.620 | 18 / 3 |
v1.0.719
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.718
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.717
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.716
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.715
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.714
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.713
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.712
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.711
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.710
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.709
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.708
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.707
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.706
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.705
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.704
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.703
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.702
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.701
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.700
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.699
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.698
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.697
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.696
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.695
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.694
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.693
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.692
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.691
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.690
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.689
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.688
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.687
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.686
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.685
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.684
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.683
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.682
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.681
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.680
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.679
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.678
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.677
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.676
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.675
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.674
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.673
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.672
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.671
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.670
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.669
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.668
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.667
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.666
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.665
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.664
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.663
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.662
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.661
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.660
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.659
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.658
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.657
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.656
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.655
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.654
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.653
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.652
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.651
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.650
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.649
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.648
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.647
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.646
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.645
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.644
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.643
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.642
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.641
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.640
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.639
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.638
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.637
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.636
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.635
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.634
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.633
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.632
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.631
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.630
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.629
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.628
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.627
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.626
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.625
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.624
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.623
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.622
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.621
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.620
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.