@wix/events
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@wix/events_app-extensions | AI (phantom-deps): Same-org Wix SDK dep; phantom-dep false positive consistent with auto-generated SDK package structure. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_events_ricos | AI (dependencies): Follows Wix auto_sdk naming convention consistent with all other deps in this package; part of the same autogen pipeline. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Wix monorepo mass-production pattern; templated names and missing metadata are expected for internal SDK packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Wix internal SDK package; missing description is consistent across the @wix/* namespace. | ai | |
| provenance | no-provenance | AI (provenance): Wix CI publisher pattern; no provenance is consistent across this publisher's 423 approved packages. | ai |
Versions (showing 51 of 267)
| Version | Deps | Published |
|---|---|---|
| 1.0.778 | 19 / 3 | |
| 1.0.777 | 19 / 3 | |
| 1.0.776 | 19 / 3 | |
| 1.0.775 | 19 / 3 | |
| 1.0.774 | 19 / 3 | |
| 1.0.773 | 19 / 3 | |
| 1.0.772 | 19 / 3 | |
| 1.0.771 | 19 / 3 | |
| 1.0.770 | 19 / 3 | |
| 1.0.769 | 19 / 3 | |
| 1.0.768 | 19 / 3 | |
| 1.0.767 | 19 / 3 | |
| 1.0.766 | 19 / 3 | |
| 1.0.765 | 19 / 3 | |
| 1.0.764 | 19 / 3 | |
| 1.0.763 | 19 / 3 | |
| 1.0.762 | 19 / 3 | |
| 1.0.761 | 19 / 3 | |
| 1.0.760 | 19 / 3 | |
| 1.0.759 | 19 / 3 | |
| 1.0.758 | 19 / 3 | |
| 1.0.757 | 19 / 3 | |
| 1.0.756 | 19 / 3 | |
| 1.0.755 | 19 / 3 | |
| 1.0.754 | 19 / 3 | |
| 1.0.753 | 19 / 3 | |
| 1.0.752 | 19 / 3 | |
| 1.0.751 | 19 / 3 | |
| 1.0.750 | 19 / 3 | |
| 1.0.749 | 19 / 3 | |
| 1.0.748 | 19 / 3 | |
| 1.0.747 | 19 / 3 | |
| 1.0.746 | 19 / 3 | |
| 1.0.745 | 19 / 3 | |
| 1.0.744 | 19 / 3 | |
| 1.0.743 | 19 / 3 | |
| 1.0.742 | 19 / 3 | |
| 1.0.741 | 19 / 3 | |
| 1.0.740 | 19 / 3 | |
| 1.0.739 | 19 / 3 | |
| 1.0.738 | 19 / 3 | |
| 1.0.737 | 19 / 3 | |
| 1.0.736 | 19 / 3 | |
| 1.0.735 | 19 / 3 | |
| 1.0.734 | 19 / 3 | |
| 1.0.733 | 19 / 3 | |
| 1.0.732 | 19 / 3 | |
| 1.0.731 | 19 / 3 | |
| 1.0.730 | 19 / 3 | |
| 1.0.729 | 19 / 3 | |
| 1.0.728 | 19 / 3 |
v1.0.778
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.777
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.776
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.775
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.774
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.773
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.772
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.771
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.770
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.769
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.768
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.767
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.766
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.765
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.764
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.763
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.762
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.761
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.760
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.759
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.758
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.757
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.756
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.755
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.754
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.753
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.752
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.751
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.750
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.749
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.748
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.747
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.746
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.745
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.744
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.743
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.742
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.741
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.740
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.739
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.738
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.737
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.736
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.735
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.734
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.733
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.732
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.731
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.730
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.729
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.728
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.