← Home

@wix/editor

npm
5
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yoavwix-cishahatawixnpmwix-ambassadorwix-ci-publisherwix-bi-publishergalil-teamusability-sessionsyurynixydanivmayacoamitde007haimbrum-wixyoungshinobiethanpshlomitc-wixarielhwix-org-headlessfalconcinadavlacroir-wixdorchaouat

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@wix/admin AI (dependencies): Internal Wix dependency consistent with this package's ecosystem; stable pattern across versions. ai
bogus-package bogus-package AI (bogus-package): Wix internal CI-published package; no repo/keywords/homepage is standard for their monorepo artifacts. ai
license uncommon-license:UNLICENSED AI (license): Proprietary Wix package; UNLICENSED is appropriate for internal corporate packages. ai
provenance no-provenance AI (provenance): Internal Wix package; provenance attestation is a best-practice enhancement, not a blocker. ai
dependencies unvetted-dep:@wix/editor-platform-environment-api AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem. ai
dependencies unvetted-dep:@wix/workspace AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem; stable pattern across versions. ai
dependencies unvetted-dep:@wix/public-editor-platform-interfaces AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem. ai
dependencies unvetted-dep:@wix/editor-platform-contexts AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem. ai
dependencies unvetted-dep:@wix/monitoring-browser-sdk-host AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem. ai
dependencies unvetted-dep:@wix/public-editor-platform-errors AI (dependencies): Internal @wix/* scoped dep consistent with Wix ecosystem. ai

Versions (showing 5 of 225)

Version Deps Published
1.368.0 7 / 10
1.367.0 7 / 10
1.366.0 7 / 10
1.365.0 7 / 10
1.364.0 7 / 10

v1.368.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.367.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.366.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.365.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.364.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.