@wix/auto_sdk_bookings_booking-policies

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yoavwix-cishahatawixnpmwix-ambassadorwix-ci-publisherwix-bi-publishergalil-teamusability-sessionsyurynixydanivmayacoamitde007haimbrum-wixyoungshinobiethanpshlomitc-wixarielhwix-org-headlessfalconcinadavlacroir-wixdorchaouat

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:build/es/bookings-v1-booking-policy-booking-policies.universal-DyKOkpmg.d.mts	AI (source-diff): Long-line TypeScript declaration file with JSDoc comments; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/cjs/bookings-v1-booking-policy-booking-policies.universal-DyKOkpmg.d.ts	AI (source-diff): Long-line TypeScript declaration file with JSDoc comments; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/cjs/bookings-v1-booking-policy-booking-policies.universal-DyKOkpmg.d.ts	AI (source-diff): Long-line TypeScript declaration file with JSDoc comments; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/es/bookings-v1-booking-policy-booking-policies.universal-DyKOkpmg.d.mts	AI (source-diff): Long-line TypeScript declaration file with JSDoc comments; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/bookings-v1-booking-policy-booking-policies.universal-BOznK2N1.d.mts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not actual obfuscation.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/bookings-v1-booking-policy-booking-policies.universal-BOznK2N1.d.ts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not actual obfuscation.	ai	2026/05/10
source-diff	obfuscated-file:build/bookings-v1-booking-policy-booking-policies.universal-BOznK2N1.d.ts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not actual obfuscation.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/bookings-v1-booking-policy-booking-policies.universal-BOznK2N1.d.mts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not actual obfuscation.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/cjs/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.ts	AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated. Stable pattern for this package.	ai	2026/05/10
source-diff	obfuscated-file:build/es/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.mts	AI (source-diff): TypeScript declaration file with long lines from JSDoc; not obfuscated code. Pattern is stable for this Wix SDK package.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/es/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.mts	AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated. Stable pattern for this package.	ai	2026/05/10
source-diff	obfuscated-file:build/cjs/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.ts	AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated. Stable pattern for this package.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/es/meta.d.mts	AI (source-diff): TypeScript declaration file with long import/export lines; not obfuscated code. Stable pattern for @wix/auto_sdk_* packages.	ai	2026/05/10
source-diff	obfuscated-file:build/es/meta.d.mts	AI (source-diff): TypeScript declaration file with long import/export lines; not obfuscated code. Stable pattern for @wix/auto_sdk_* packages.	ai	2026/05/10
maintainer-change	maintainer-added	AI (maintainer-change): wix-org-headless and dorchaouat are Wix org accounts; consistent with Wix CI migration pattern.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.mts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.mts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.ts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not obfuscated code.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/bookings-v1-booking-policy-booking-policies.universal-Dn-27NDP.d.ts	AI (source-diff): Generated TypeScript declaration file with long lines from type definitions; not obfuscated code.	ai	2026/05/10
maintainer-change	maintainer-removed	AI (maintainer-change): Part of Wix's migration to centralized CI publishing; not indicative of takeover.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/es/index.d.mts	AI (source-diff): Same pattern as build/es/index.d.mts — bundled TS declaration file, not malicious.	ai	2026/05/10
source-diff	obfuscated-file:build/es/index.d.mts	AI (source-diff): TypeScript declaration file with long export lists; not obfuscation, normal for bundled Wix SDK packages.	ai	2026/05/10
source-diff	obfuscated-file:build/es/index.typings.d.mts	AI (source-diff): TypeScript typings declaration file; long lines are from bundled interface definitions, not obfuscation.	ai	2026/05/10
source-diff	obfuscated-file:build/internal/es/index.typings.d.mts	AI (source-diff): Same pattern as build/es/index.typings.d.mts — bundled TS typings, not malicious.	ai	2026/05/10
provenance	publisher-changed	AI (provenance): Transition to wix-ci-publisher is Wix's standard CI automation account with 773 approved packages; stable pattern across Wix SDK packages.	ai	2026/05/10
bogus-package	bogus-package	AI (bogus-package): Wix auto-generated SDK package; templated naming, no description/repo are expected for this publisher's pipeline.	ai	2026/05/04
provenance	no-provenance	AI (provenance): Wix CI publisher does not attach Sigstore provenance; consistent across all approved versions.	ai	2026/05/04
npm-metadata	no-description	AI (npm-metadata): Wix auto-generated SDK packages consistently omit descriptions; stable false positive for this package family.	ai	2026/05/04

Versions (showing 51 of 119)

View all versions

Version	Deps	Published
1.0.131	3 / 2	2026-06-10
1.0.130	3 / 2	2026-06-08
1.0.129	3 / 2	2026-05-25
1.0.128	3 / 2	2026-05-25
1.0.127	3 / 2	2026-05-24
1.0.126	3 / 2	2026-04-27
1.0.125	3 / 2	2026-04-27
1.0.124	3 / 2	2026-04-27
1.0.123	3 / 2	2026-04-19
1.0.122	3 / 2	2026-04-16
1.0.121	3 / 2	2026-04-15
1.0.120	3 / 2	2026-03-31
1.0.119	2 / 2	2026-03-22
1.0.118	2 / 2	2026-03-16
1.0.117	2 / 2	2026-03-16
1.0.116	2 / 2	2026-02-25
1.0.115	2 / 2	2026-02-23
1.0.114	2 / 2	2026-02-19
1.0.113	2 / 2	2026-02-18
1.0.112	2 / 2	2026-02-08
1.0.111	2 / 2	2026-02-04
1.0.110	2 / 2	2026-01-28
1.0.109	2 / 2	2026-01-25
1.0.108	2 / 2	2026-01-25
1.0.107	2 / 2	2026-01-20
1.0.106	2 / 2	2026-01-20
1.0.105	2 / 2	2026-01-18
1.0.104	2 / 2	2026-01-18
1.0.103	2 / 2	2026-01-08
1.0.102	2 / 2	2026-01-07
1.0.101	2 / 2	2026-01-06
1.0.100	2 / 2	2026-01-06
1.0.99	2 / 2	2026-01-06
1.0.98	2 / 2	2026-01-05
1.0.97	2 / 2	2026-01-01
1.0.96	2 / 2	2025-12-31
1.0.95	2 / 2	2025-12-29
1.0.94	2 / 2	2025-12-23
1.0.93	2 / 2	2025-12-16
1.0.92	2 / 2	2025-12-04
1.0.91	2 / 2	2025-12-03
1.0.90	2 / 2	2025-12-02
1.0.89	2 / 2	2025-12-02
1.0.87	2 / 2	2025-12-02
1.0.86	2 / 2	2025-11-16
1.0.85	2 / 2	2025-11-16
1.0.84	2 / 2	2025-11-13
1.0.83	2 / 2	2025-11-10
1.0.82	2 / 2	2025-11-04
1.0.81	2 / 2	2025-11-04
1.0.80	2 / 2	2025-11-04

v1.0.131

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.130

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.129

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.128

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.127

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.