@wix/headless-bookings
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:@wix/form-public | AI (npm-metadata): Wix internal CDN URL dependency; consistent with Wix's publishing infrastructure across their package ecosystem. | ai | |
| phantom-deps | phantom-dep:@wix/sdk-runtime | AI (phantom-deps): Same org scope (@wix); likely a peer/indirect dep not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@wix/sdk-types | AI (phantom-deps): Same org scope (@wix); likely a type-only dep not directly imported in source. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removed maintainers are Wix employees; consistent with org-wide CI/maintainer migration. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers are Wix org accounts; consistent with internal team restructuring. | ai | |
| provenance | publisher-changed | AI (provenance): wix-ci-publisher is the established Wix CI automation account with 2267 approved packages; publisher change reflects org-wide CI migration. | ai | |
| provenance | missing-githead | AI (provenance): Consistent with CI pipeline change at Wix; no malicious indicators present. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal Wix scoped package; missing description is a stable pattern across this publisher's packages. | ai | |
| provenance | no-provenance | AI (provenance): Wix CI publisher consistently publishes without Sigstore provenance; stable false positive for this package family. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal scoped @wix package; no repo/homepage/keywords is consistent with private org packages, not spam. | ai |
Versions (showing 100 of 128)
| Version | Deps | Published |
|---|---|---|
| 1.0.10 | 15 / 23 | |
| 1.0.9 | 12 / 13 | |
| 1.0.8 | 12 / 13 | |
| 1.0.7 | 11 / 13 | |
| 1.0.6 | 11 / 13 | |
| 1.0.5 | 11 / 13 | |
| 1.0.4 | 11 / 13 | |
| 1.0.3 | 11 / 13 | |
| 1.0.2 | 11 / 13 | |
| 1.0.1 | 10 / 13 | |
| 1.0.0 | 9 / 13 | |
| 0.0.118 | 9 / 13 | |
| 0.0.117 | 9 / 13 | |
| 0.0.116 | 9 / 13 | |
| 0.0.115 | 9 / 13 | |
| 0.0.114 | 9 / 13 | |
| 0.0.113 | 10 / 13 | |
| 0.0.112 | 10 / 13 | |
| 0.0.111 | 10 / 13 | |
| 0.0.110 | 10 / 13 | |
| 0.0.109 | 10 / 13 | |
| 0.0.108 | 10 / 13 | |
| 0.0.107 | 10 / 12 | |
| 0.0.106 | 10 / 12 | |
| 0.0.105 | 10 / 12 | |
| 0.0.104 | 10 / 12 | |
| 0.0.103 | 10 / 12 | |
| 0.0.102 | 10 / 12 | |
| 0.0.101 | 10 / 12 | |
| 0.0.100 | 10 / 12 | |
| 0.0.99 | 10 / 12 | |
| 0.0.98 | 10 / 12 | |
| 0.0.97 | 10 / 12 | |
| 0.0.96 | 10 / 12 | |
| 0.0.95 | 10 / 12 | |
| 0.0.94 | 10 / 12 | |
| 0.0.93 | 10 / 12 | |
| 0.0.92 | 10 / 12 | |
| 0.0.91 | 10 / 12 | |
| 0.0.90 | 10 / 12 | |
| 0.0.89 | 10 / 12 | |
| 0.0.88 | 10 / 12 | |
| 0.0.87 | 10 / 12 | |
| 0.0.86 | 10 / 12 | |
| 0.0.85 | 10 / 12 | |
| 0.0.84 | 10 / 12 | |
| 0.0.83 | 10 / 12 | |
| 0.0.82 | 10 / 12 | |
| 0.0.81 | 10 / 12 | |
| 0.0.80 | 10 / 12 | |
| 0.0.79 | 10 / 12 | |
| 0.0.78 | 10 / 12 | |
| 0.0.77 | 10 / 12 | |
| 0.0.76 | 10 / 12 | |
| 0.0.75 | 10 / 12 | |
| 0.0.74 | 10 / 12 | |
| 0.0.72 | 10 / 12 | |
| 0.0.71 | 10 / 12 | |
| 0.0.70 | 10 / 12 | |
| 0.0.69 | 10 / 12 | |
| 0.0.68 | 10 / 12 | |
| 0.0.67 | 10 / 12 | |
| 0.0.66 | 10 / 12 | |
| 0.0.65 | 10 / 12 | |
| 0.0.64 | 10 / 12 | |
| 0.0.63 | 10 / 12 | |
| 0.0.62 | 10 / 12 | |
| 0.0.61 | 10 / 12 | |
| 0.0.60 | 10 / 12 | |
| 0.0.59 | 10 / 12 | |
| 0.0.58 | 10 / 12 | |
| 0.0.57 | 10 / 12 | |
| 0.0.56 | 10 / 12 | |
| 0.0.55 | 10 / 12 | |
| 0.0.54 | 10 / 12 | |
| 0.0.53 | 10 / 12 | |
| 0.0.52 | 10 / 12 | |
| 0.0.51 | 10 / 12 | |
| 0.0.50 | 10 / 12 | |
| 0.0.49 | 10 / 12 | |
| 0.0.48 | 10 / 12 | |
| 0.0.47 | 10 / 12 | |
| 0.0.46 | 10 / 12 | |
| 0.0.45 | 10 / 12 | |
| 0.0.44 | 10 / 12 | |
| 0.0.43 | 10 / 12 | |
| 0.0.42 | 10 / 12 | |
| 0.0.41 | 10 / 12 | |
| 0.0.40 | 10 / 12 | |
| 0.0.39 | 10 / 12 | |
| 0.0.38 | 10 / 12 | |
| 0.0.37 | 10 / 12 | |
| 0.0.36 | 10 / 12 | |
| 0.0.35 | 10 / 12 | |
| 0.0.34 | 10 / 12 | |
| 0.0.33 | 10 / 12 | |
| 0.0.32 | 10 / 12 | |
| 0.0.31 | 10 / 12 | |
| 0.0.30 | 10 / 12 | |
| 0.0.29 | 10 / 12 |
v1.0.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.117
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-04-14, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.116
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-04-12, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.115
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-28, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.114
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-22, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.113
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-22, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.112
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-22, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.111
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-21, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.110
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-21, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.109
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-21, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.108
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-21, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.107
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-20, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.106
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-20, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.105
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-19, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.104
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-19, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.103
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-16, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.102
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-16, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.101
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-15, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.100
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-15, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.99
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-14, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.98
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-14, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.97
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-14, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.96
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-13, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.95
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-13, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.94
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-13, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.93
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.92
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.91
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.90
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.89
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.88
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-11, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.87
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-08, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.86
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-07, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.85
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-07, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.84
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-07, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.83
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-07, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.82
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-07, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.81
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-06, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.80
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-06, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.79
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-06, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.78
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-06, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.77
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-06, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.76
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-05, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.75
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-04, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.74
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: wix-ci-publisher.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (wix-ci-publisher) than the most recent previously approved version (yurynix) on 2026-01-04, but wix-ci-publisher is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.0.72
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.71
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.70
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.69
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.67
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.65
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.62
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.61
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.