@wix/data
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is an internal Wix SDK package; consistent with Wix's auto-generated SDK pattern for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Wix auto-generated SDK packages consistently lack descriptions/repo URLs; this is a stable false positive for the @wix/* namespace. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Wix internal CI publisher; maintainer additions are routine org-level changes for this package family. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Wix internal SDK package; missing description is a consistent pattern across their packages, not a malware signal. | ai | |
| provenance | no-provenance | AI (provenance): Wix CI publisher consistently publishes without Sigstore provenance; stable pattern for this org. | ai |
Versions (showing 51 of 238)
| Version | Deps | Published |
|---|---|---|
| 1.0.466 | 12 / 3 | |
| 1.0.465 | 12 / 3 | |
| 1.0.464 | 11 / 3 | |
| 1.0.463 | 11 / 3 | |
| 1.0.461 | 11 / 3 | |
| 1.0.460 | 11 / 3 | |
| 1.0.459 | 11 / 3 | |
| 1.0.458 | 11 / 3 | |
| 1.0.457 | 11 / 3 | |
| 1.0.456 | 11 / 3 | |
| 1.0.455 | 12 / 3 | |
| 1.0.454 | 12 / 3 | |
| 1.0.453 | 12 / 3 | |
| 1.0.452 | 12 / 3 | |
| 1.0.451 | 12 / 3 | |
| 1.0.450 | 12 / 3 | |
| 1.0.449 | 13 / 3 | |
| 1.0.448 | 13 / 3 | |
| 1.0.447 | 12 / 3 | |
| 1.0.446 | 12 / 3 | |
| 1.0.445 | 12 / 3 | |
| 1.0.444 | 12 / 3 | |
| 1.0.443 | 12 / 3 | |
| 1.0.442 | 12 / 3 | |
| 1.0.441 | 12 / 3 | |
| 1.0.440 | 12 / 3 | |
| 1.0.439 | 13 / 3 | |
| 1.0.435 | 12 / 3 | |
| 1.0.434 | 12 / 3 | |
| 1.0.433 | 12 / 3 | |
| 1.0.432 | 12 / 3 | |
| 1.0.431 | 12 / 3 | |
| 1.0.430 | 12 / 3 | |
| 1.0.429 | 12 / 3 | |
| 1.0.428 | 12 / 3 | |
| 1.0.427 | 12 / 3 | |
| 1.0.426 | 12 / 3 | |
| 1.0.425 | 12 / 3 | |
| 1.0.424 | 12 / 3 | |
| 1.0.423 | 12 / 3 | |
| 1.0.422 | 12 / 3 | |
| 1.0.421 | 12 / 3 | |
| 1.0.420 | 12 / 3 | |
| 1.0.419 | 12 / 3 | |
| 1.0.418 | 12 / 3 | |
| 1.0.417 | 12 / 3 | |
| 1.0.416 | 12 / 3 | |
| 1.0.415 | 12 / 3 | |
| 1.0.414 | 12 / 3 | |
| 1.0.413 | 12 / 3 | |
| 1.0.412 | 12 / 3 |
v1.0.466
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.465
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.464
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.463
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.461
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.460
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.459
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.458
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.457
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.456
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.455
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.454
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.453
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.452
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.451
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.450
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.449
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.446
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.445
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.444
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.443
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.442
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.441
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.440
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.439
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.435
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.434
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.433
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.432
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.431
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.430
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.429
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.428
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.427
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.426
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.425
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.424
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.423
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.422
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.421
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.420
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.419
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.418
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.417
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.416
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.415
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.414
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.413
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.412
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.