@wix/bookings — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yoavwix-cishahatawixnpmwix-ambassadorwix-ci-publisherwix-bi-publishergalil-teamusability-sessionsyurynixydanivmayacoamitde007haimbrum-wixyoungshinobiethanpshlomitc-wixarielhwix-org-headlessfalconcinadavlacroir-wixdorchaouat

Keywords

wixSdkBackendModulewixSdkPageModulewixSdkPublicModule

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@wix/auto_sdk_bookings_time-slots-configuration	AI (dependencies): Wix-namespaced dep added by trusted wix-ci-publisher; consistent with Wix's auto-SDK generation pattern.	ai	2026/06/04
maintainer-change	maintainer-removed	AI (maintainer-change): Paired with maintainer-added; consistent with Wix internal team changes, not a takeover signal.	ai	2026/06/01
maintainer-change	maintainer-added	AI (maintainer-change): Wix internal team rotation; wix-ci-publisher CI pipeline publishes consistently across thousands of packages.	ai	2026/06/01
phantom-deps	phantom-dep:@wix/bookings_app-extensions	AI (phantom-deps): Same-org dependency declared in package.json; phantom-dep heuristic is a false positive for this SDK aggregator pattern.	ai	2026/05/31
provenance	no-provenance	AI (provenance): Wix CI publisher does not use Sigstore provenance; stable pattern across all their packages.	ai	2026/05/26
bogus-package	bogus-package	AI (bogus-package): Wix internal monorepo package; missing metadata is a known pattern across their 2000+ published packages.	ai	2026/05/26
npm-metadata	no-description	AI (npm-metadata): Consistent with Wix internal package publishing pattern; not a malicious indicator here.	ai	2026/05/26
dependencies	unvetted-dep:@wix/auto_sdk_bookings_categories	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_booking-fees	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-members	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-sorting	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_categories-v-2	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_resource-types	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_external-calendars	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_staff-member-settings	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_booking-policy-snapshots	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_service-options-and-variants	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_attendance	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/auto_sdk_bookings_add-ons	AI (dependencies): Internal Wix auto-SDK namespace dependency; stable pattern for this package.	ai	2026/05/22
dependencies	unvetted-dep:@wix/bookings_app-extensions	AI (dependencies): Internal Wix namespace dependency; consistent with Wix SDK auto-generation pattern.	ai	2026/05/22
dependencies	unvetted-dep:@wix/headless-bookings	AI (dependencies): Internal Wix namespace dependency; consistent with Wix SDK auto-generation pattern across all versions.	ai	2026/05/22

Versions (showing 34 of 34)

Version	Deps	Published
1.0.1409	29 / 3	2026-06-03
1.0.1408	29 / 3	2026-06-01
1.0.1397	28 / 3	2026-05-24
1.0.1383	27 / 3	2026-05-11
1.0.1374	27 / 3	2026-04-29
1.0.1343	25 / 3	2026-03-30
1.0.1316	25 / 3	2026-02-27
1.0.1149	22 / 3	2025-11-17
1.0.1134	22 / 3	2025-11-11
1.0.1127	22 / 3	2025-11-06
1.0.1098	22 / 3	2025-10-21
1.0.1034	20 / 2	2025-08-24
1.0.1020	20 / 2	2025-08-18
1.0.1016	20 / 2	2025-08-13
1.0.1013	20 / 2	2025-08-13
1.0.991	20 / 2	2025-08-07
1.0.969	20 / 2	2025-07-24
1.0.968	20 / 2	2025-07-24
1.0.936	20 / 2	2025-07-10
1.0.929	20 / 2	2025-07-03
1.0.927	20 / 2	2025-07-02
1.0.925	20 / 2	2025-07-01
1.0.918	20 / 2	2025-06-25
1.0.906	20 / 2	2025-06-12
1.0.897	20 / 2	2025-06-11
1.0.896	20 / 2	2025-06-10
1.0.885	20 / 2	2025-06-05
1.0.882	20 / 2	2025-06-04
1.0.876	20 / 1	2025-06-03
1.0.856	19 / 1	2025-05-22
1.0.854	19 / 1	2025-05-22
1.0.850	19 / 1	2025-05-22
1.0.844	19 / 1	2025-05-21
1.0.842	19 / 1	2025-05-21

v1.0.1409

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1408

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1397

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1383

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1343

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1316

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1149

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1134

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1127

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1098

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1034

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1020

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1016

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1013

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.991

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.969

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.968

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.936

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.929

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.927

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.925

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.918

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.906

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.897

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.896

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.885

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.882

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.876

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.856

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.854

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.850

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.844

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.842

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.