@wix/create-new
General entry point for creating Wix projects
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:build/chunk-SP6CBGLK.js | AI (source-diff): Wix CLI build artifact bundled via tsup; network+exec pattern is from bundled deps (sentry, http clients), not malicious dropper. | ai | |
| source-diff | net-exec-file:build/chunk-GNLSHRVA.js | AI (source-diff): Large tsup bundle artifact; network+exec pattern is from bundled node_modules, not malicious dropper code. | ai | |
| source-diff | net-exec-file:build/chunk-6P27MUFC.js | AI (source-diff): Bundled tsup output of Wix CLI deps; network+exec pattern is from bundled assert-plus/@sentry code, not malware. | ai | |
| source-diff | net-exec-file:build/chunk-FFNTR7KK.js | AI (source-diff): Bundled tsup artifact for Wix CLI tooling; network+exec pattern is from bundled node_modules, not malicious dropper code. | ai | |
| source-diff | net-exec-file:build/chunk-UYE4R7XA.js | AI (source-diff): Bundled tsup output for Wix CLI; network+exec pattern is from bundled deps (assert-plus, sentry), not malware. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Wix internal CLI tooling published via wix-ci-publisher; sparse metadata is a known pattern across their 70+ packages. | ai | |
| source-diff | net-exec-file:build/chunk-HWZQO4GG.js | AI (source-diff): Bundled tsup output of npm deps (assert-plus etc.); standard CJS shim pattern, not malware. | ai | |
| source-diff | net-exec-file:build/chunk-6IGZ75IY.js | AI (source-diff): Bundled tsup output for Wix CLI tool; network+exec pattern is from bundled node_modules, not malicious dropper code. | ai | |
| source-diff | net-exec-file:build/chunk-FUS6MQZW.js | AI (source-diff): Large tsup bundle of Wix CLI deps; network+exec pattern is from bundled node_modules, not malicious dropper code. | ai | |
| source-diff | net-exec-file:build/chunk-6R4YJJNX.js | AI (source-diff): Large tsup-bundled ESM chunk vendoring node_modules; network+exec pattern is from bundled deps (sentry, http clients), not malware. | ai | |
| source-diff | net-exec-file:build/chunk-4MNGTB2N.js | AI (source-diff): Bundled tsup output for Wix CLI tool; network+exec pattern is from bundled npm deps, not malicious dropper code. | ai | |
| source-diff | net-exec-file:build/chunk-ZVDOHBSI.js | AI (source-diff): Bundled build artifact with standard node_modules; no actual dropper/loader behavior present. | ai | |
| source-diff | net-exec-file:build/chunk-YCBN4IEQ.js | AI (source-diff): Bundled tsup output vendoring node_modules; network calls are from legitimate deps like Sentry, not dropper behavior. | ai | |
| source-diff | net-exec-file:build/chunk-G37X6RCS.js | AI (source-diff): Bundled tsup output of standard Node deps; not malicious network+exec pattern. | ai | |
| source-diff | encoded-string-file:build/index.js | AI (source-diff): Encoded string is @sentry/node's base64WorkerScript, a known bundled worker; stable false positive for this package. | ai | |
Versions (showing 36 of 36)
| Version | Deps | Published |
|---|---|---|
| 0.0.76 | 0 / 11 | |
| 0.0.75 | 0 / 11 | |
| 0.0.74 | 0 / 11 | |
| 0.0.73 | 0 / 11 | |
| 0.0.72 | 0 / 11 | |
| 0.0.71 | 0 / 11 | |
| 0.0.70 | 0 / 11 | |
| 0.0.69 | 0 / 11 | |
| 0.0.68 | 0 / 11 | |
| 0.0.67 | 0 / 11 | |
| 0.0.66 | 0 / 11 | |
| 0.0.65 | 0 / 11 | |
| 0.0.64 | 0 / 11 | |
| 0.0.63 | 0 / 11 | |
| 0.0.62 | 0 / 11 | |
| 0.0.61 | 0 / 11 | |
| 0.0.60 | 0 / 11 | |
| 0.0.59 | 0 / 11 | |
| 0.0.58 | 0 / 11 | |
| 0.0.57 | 0 / 11 | |
| 0.0.56 | 0 / 11 | |
| 0.0.55 | 0 / 11 | |
| 0.0.54 | 0 / 11 | |
| 0.0.53 | 0 / 11 | |
| 0.0.52 | 0 / 11 | |
| 0.0.51 | 0 / 11 | |
| 0.0.50 | 0 / 11 | |
| 0.0.49 | 0 / 11 | |
| 0.0.48 | 0 / 11 | |
| 0.0.47 | 0 / 11 | |
| 0.0.46 | 0 / 11 | |
| 0.0.45 | 0 / 10 | |
| 0.0.44 | 0 / 10 | |
| 0.0.43 | 0 / 10 | |
| 0.0.42 | 0 / 10 | |
| 0.0.1 | 0 / 2 | |
v0.0.76
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.75
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.74
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.73
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.72
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.71
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.70
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.69
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.68
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.67
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.66
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.65
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.64
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.63
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.62
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.61
2 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.60
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.59
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.58
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.57
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.56
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.55
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.54
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.53
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.52
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.51
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.50
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.49
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.48
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.47
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.46
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.45
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.44
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.43
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.42
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
2 findings
Matched 4 signal(s), weighted score 7:
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'oferb-wix' owns 63 packages, ≥70% share a templated name shape.
• [S_README_NO_CODE] Short README with no code block, no install instructions, and no usage/API section.
• [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere.
• [S_NO_KEYWORDS] No keywords declared.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.