@wix/auto_sdk_data_external-database
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:build/internal/cjs/service-plugins-error-classes-mEaPq0c_.d.ts | AI (source-diff): TypeScript declaration file with long lines from JSDoc; no executable code, stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/cjs/service-plugins-error-classes-mEaPq0c_.d.ts | AI (source-diff): TypeScript declaration file with long lines from JSDoc; no executable code, stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/es/service-plugins-error-classes-mEaPq0c_.d.mts | AI (source-diff): TypeScript declaration file with long lines from JSDoc; no executable code, stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/internal/es/service-plugins-error-classes-mEaPq0c_.d.mts | AI (source-diff): TypeScript declaration file with long lines from JSDoc; no executable code, stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/cjs/service-plugins-error-classes-DnLVPAK3.d.ts | AI (source-diff): TypeScript declaration file with long JSDoc comments; not obfuscated code. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Routine maintainer rotation within Wix org; trusted CI publisher unchanged. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/service-plugins-error-classes-DnLVPAK3.d.ts | AI (source-diff): TypeScript declaration file with long JSDoc comments; not obfuscated code. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Routine maintainer rotation within Wix org; trusted CI publisher unchanged. | ai | |
| source-diff | obfuscated-file:build/es/service-plugins-error-classes-DnLVPAK3.d.mts | AI (source-diff): TypeScript declaration file with long JSDoc comments; not obfuscated code. | ai | |
| source-diff | obfuscated-file:build/internal/es/service-plugins-error-classes-DnLVPAK3.d.mts | AI (source-diff): TypeScript declaration file with long JSDoc comments; not obfuscated code. | ai | |
| source-diff | obfuscated-file:build/es/service-plugins-error-classes-CH8yjxz_.d.mts | AI (source-diff): TypeScript declaration file; long lines are interface/type definitions, not obfuscated runtime code. | ai | |
| source-diff | obfuscated-file:build/internal/es/service-plugins-error-classes-CH8yjxz_.d.mts | AI (source-diff): TypeScript declaration file; long lines are interface/type definitions, not obfuscated runtime code. | ai | |
| source-diff | obfuscated-file:build/cjs/service-plugins-error-classes-CH8yjxz_.d.ts | AI (source-diff): TypeScript declaration file; long lines are interface/type definitions, not obfuscated runtime code. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/service-plugins-error-classes-CH8yjxz_.d.ts | AI (source-diff): TypeScript declaration file; long lines are interface/type definitions, not obfuscated runtime code. | ai | |
| source-diff | obfuscated-file:build/internal/index.d.mts | AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated code. Stable pattern for this Wix auto-generated SDK package. | ai | |
| source-diff | obfuscated-file:build/index.d.ts | AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated code. Stable pattern for this Wix auto-generated SDK package. | ai | |
| source-diff | obfuscated-file:build/index.d.mts | AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated code. Stable pattern for this Wix auto-generated SDK package. | ai | |
| source-diff | obfuscated-file:build/internal/index.d.ts | AI (source-diff): TypeScript declaration file with long JSDoc lines; not obfuscated code. Stable pattern for this Wix auto-generated SDK package. | ai | |
| source-diff | obfuscated-file:build/internal/es/service-plugins-error-classes-CQRdlnyO.d.mts | AI (source-diff): Bundled TypeScript declaration file; long lines are normal tsup output. | ai | |
| source-diff | obfuscated-file:build/es/index.d.mts | AI (source-diff): Long-line TypeScript declaration file generated by tsup bundler; not obfuscated code. | ai | |
| source-diff | obfuscated-file:build/internal/es/index.d.mts | AI (source-diff): Long-line TypeScript declaration file generated by tsup bundler; not obfuscated code. | ai | |
| source-diff | obfuscated-file:build/es/service-plugins-error-classes-CQRdlnyO.d.mts | AI (source-diff): Bundled TypeScript declaration file; long lines are normal tsup output. | ai | |
| source-diff | obfuscated-file:build/cjs/service-plugins-error-classes-CQRdlnyO.d.ts | AI (source-diff): Bundled TypeScript declaration file; long lines are normal tsup output. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/service-plugins-error-classes-CQRdlnyO.d.ts | AI (source-diff): Bundled TypeScript declaration file; long lines are normal tsup output. | ai | |
| source-diff | obfuscated-file:build/internal/cjs/service-plugins-error-classes-BkK0BTJe.d.ts | AI (source-diff): Generated TypeScript declaration file; long lines are JSDoc comments, not obfuscation. Stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/cjs/service-plugins-error-classes-BkK0BTJe.d.ts | AI (source-diff): Generated TypeScript declaration file; long lines are JSDoc comments, not obfuscation. Stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/internal/es/service-plugins-error-classes-BkK0BTJe.d.mts | AI (source-diff): Generated TypeScript declaration file; long lines are JSDoc comments, not obfuscation. Stable false positive for Wix SDK packages. | ai | |
| source-diff | obfuscated-file:build/es/service-plugins-error-classes-BkK0BTJe.d.mts | AI (source-diff): Generated TypeScript declaration file; long lines are JSDoc comments, not obfuscation. Stable false positive for Wix SDK packages. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): zod is a declared runtime dependency; phantom-dep heuristic is a false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal Wix SDK; missing repo/description/keywords are standard for monorepo-published artifacts. | ai |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 1.0.30 | 3 / 2 | |
| 1.0.29 | 3 / 2 | |
| 1.0.28 | 3 / 2 | |
| 1.0.27 | 2 / 2 | |
| 1.0.26 | 2 / 2 | |
| 1.0.25 | 2 / 2 | |
| 1.0.24 | 2 / 2 | |
| 1.0.23 | 2 / 2 | |
| 1.0.22 | 2 / 2 | |
| 1.0.20 | 2 / 2 | |
| 1.0.19 | 2 / 2 | |
| 1.0.18 | 2 / 2 | |
| 1.0.17 | 2 / 2 | |
| 1.0.16 | 2 / 2 | |
| 1.0.15 | 2 / 2 | |
| 1.0.14 | 2 / 2 | |
| 1.0.13 | 2 / 2 | |
| 1.0.12 | 2 / 2 | |
| 1.0.11 | 2 / 2 | |
| 1.0.10 | 2 / 2 | |
| 1.0.9 | 2 / 2 | |
| 1.0.8 | 2 / 2 | |
| 1.0.7 | 2 / 2 | |
| 1.0.6 | 2 / 1 | |
| 1.0.5 | 2 / 1 | |
| 1.0.4 | 2 / 1 | |
| 1.0.3 | 2 / 1 |
v1.0.30
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.27
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.26
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.25
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.24
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.23
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.22
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.20
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.19
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.18
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.15
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.14
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.13
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.12
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.11
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.10
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.