@wix/auto_sdk_blog_draft-posts
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:build/es/blog-v3-draft-draft-posts.universal-DE4EwIQq.d.mts | AI (source-diff): TypeScript declaration file with long re-export lines; standard Wix SDK bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/blog-v3-draft-draft-posts.universal-DE4EwIQq.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines; standard Wix SDK bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/cjs/blog-v3-draft-draft-posts.universal-DE4EwIQq.d.ts | AI (source-diff): TypeScript declaration file with long re-export lines; standard Wix SDK bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/es/blog-v3-draft-draft-posts.universal-DE4EwIQq.d.mts | AI (source-diff): TypeScript declaration file with long re-export lines; standard Wix SDK bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.ts | AI (source-diff): Auto-generated TypeScript declaration file; long lines are re-exports, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/es/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.mts | AI (source-diff): Auto-generated TypeScript declaration file with long export lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/es/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.mts | AI (source-diff): Auto-generated TypeScript declaration file with long export lines; not obfuscation. | ai | |
| source-diff | obfuscated-file:build/cjs/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.ts | AI (source-diff): Auto-generated TypeScript declaration file; long lines are re-exports, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/es/blog-v3-draft-draft-posts.universal-C8lvzfZY.d.mts | AI (source-diff): Auto-generated TS declaration file with long re-export lines; not obfuscation. Stable pattern for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/internal/es/blog-v3-draft-draft-posts.universal-C8lvzfZY.d.mts | AI (source-diff): Same auto-generated TS declaration pattern; false positive for this package family. | ai | |
| source-diff | obfuscated-file:build/es/index.d.mts | AI (source-diff): Long re-export barrel file from SDK codegen; not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/es/index.d.mts | AI (source-diff): Same barrel re-export pattern; false positive for this package family. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/blog-v3-draft-draft-posts.universal-C8lvzfZY.d.ts | AI (source-diff): Same pattern as other declaration files; stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/cjs/blog-v3-draft-draft-posts.universal-C8lvzfZY.d.ts | AI (source-diff): Auto-generated CJS TS declaration; long lines from codegen, not obfuscation. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Wix internal team rotation via CI publisher; stable pattern for this org's SDK packages. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): zod is a well-established schema validation library; addition aligns with new schema files in the diff. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Wix internal team rotation; combined with trusted CI publisher, not a takeover signal. | ai | |
| source-diff | obfuscated-file:build/internal/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.ts | AI (source-diff): Same pattern as .d.mts counterpart. | ai | |
| source-diff | obfuscated-file:build/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.mts | AI (source-diff): TypeScript declaration file with long re-export lines; standard tsup bundler output for Wix auto-SDK packages. | ai | |
| source-diff | obfuscated-file:build/internal/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.mts | AI (source-diff): Same pattern — .d.mts declaration file, not obfuscated code. | ai | |
| source-diff | obfuscated-file:build/blog-v3-draft-draft-posts.universal-yk8zFFHT.d.ts | AI (source-diff): TypeScript declaration file; long lines from bundled re-exports, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/blog-v3-draft-draft-posts.universal-vVP72XfS.d.mts | AI (source-diff): Long-line TypeScript declaration file generated by tsup bundler; stable pattern for this Wix auto-SDK package. | ai | |
| source-diff | obfuscated-file:build/internal/index.d.ts | AI (source-diff): Same pattern; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/index.d.ts | AI (source-diff): Bundled declaration file with long re-export line; standard for this Wix auto-SDK family. | ai | |
| source-diff | obfuscated-file:build/internal/blog-v3-draft-draft-posts.universal-vVP72XfS.d.ts | AI (source-diff): Same tsup-generated declaration file pattern; stable false positive. | ai | |
| source-diff | obfuscated-file:build/blog-v3-draft-draft-posts.universal-vVP72XfS.d.ts | AI (source-diff): tsup-generated .d.ts declaration file; long lines are re-exports, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/internal/index.d.mts | AI (source-diff): Same pattern as build/index.d.mts; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:build/index.d.mts | AI (source-diff): Bundled TypeScript declaration file with long re-export line; standard tsup output for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/internal/blog-v3-draft-draft-posts.universal-vVP72XfS.d.mts | AI (source-diff): Same tsup-generated .d.mts declaration file pattern; not obfuscation. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Stable pattern for Wix auto-generated SDK packages; not a malice indicator here. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Wix auto-generated SDK package; templated name, no description/repo are expected patterns for this publisher's CI pipeline. | ai | |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 1.0.87 | 3 / 2 | |
| 1.0.86 | 3 / 2 | |
| 1.0.85 | 3 / 2 | |
| 1.0.84 | 3 / 2 | |
| 1.0.83 | 3 / 2 | |
| 1.0.82 | 3 / 2 | |
| 1.0.81 | 3 / 2 | |
| 1.0.80 | 3 / 2 | |
| 1.0.53 | 2 / 2 | |
| 1.0.30 | 2 / 2 | |
| 1.0.29 | 2 / 2 | |
| 1.0.28 | 2 / 2 | |
| 1.0.27 | 2 / 2 | |
| 1.0.26 | 2 / 2 | |
| 1.0.25 | 2 / 2 | |
| 1.0.24 | 2 / 1 | |
| 1.0.23 | 2 / 1 | |
| 1.0.22 | 2 / 1 | |
| 1.0.21 | 2 / 1 | |
| 1.0.20 | 2 / 1 | |
| 1.0.19 | 2 / 1 | |
| 1.0.18 | 2 / 1 | |
| 1.0.17 | 2 / 1 | |
| 1.0.16 | 2 / 2 | |
| 1.0.15 | 2 / 1 | |
v1.0.87
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.86
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.85
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.84
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.83
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.82
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.81
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.80
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.53
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.30
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.29
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.28
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.27
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.26
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.25
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.24
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.23
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.22
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.21
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.20
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.19
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.18
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.17
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.16
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.15
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.