@wix/stores
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Wix internal monorepo package; mass-production naming and missing metadata are expected for this publisher's packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal Wix package; missing description is stable pattern for internal tooling. | ai | |
| provenance | no-provenance | AI (provenance): Provenance adoption is sparse across npm; not a signal for this established package. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_brands-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_collections | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_ribbons-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_products-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_abandoned-carts | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_info-sections-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/headless-stores | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_customizations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-imports-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_inventory-items-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_stores-locations-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_read-only-variants-v-3 | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_catalog-versioning | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/stores_app-extensions | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai | |
| dependencies | unvetted-dep:@wix/auto_sdk_stores_wishlist | AI (dependencies): First-party Wix org dependency; consistent with Wix SDK monorepo pattern. | ai |
Versions (showing 51 of 374)
| Version | Deps | Published |
|---|---|---|
| 1.0.808 | 19 / 3 | |
| 1.0.807 | 19 / 3 | |
| 1.0.806 | 19 / 3 | |
| 1.0.805 | 19 / 3 | |
| 1.0.804 | 19 / 3 | |
| 1.0.803 | 19 / 3 | |
| 1.0.802 | 19 / 3 | |
| 1.0.801 | 19 / 3 | |
| 1.0.800 | 19 / 3 | |
| 1.0.799 | 19 / 3 | |
| 1.0.798 | 19 / 3 | |
| 1.0.797 | 19 / 3 | |
| 1.0.796 | 19 / 3 | |
| 1.0.795 | 19 / 3 | |
| 1.0.794 | 19 / 3 | |
| 1.0.793 | 19 / 3 | |
| 1.0.792 | 19 / 3 | |
| 1.0.791 | 19 / 3 | |
| 1.0.790 | 19 / 3 | |
| 1.0.789 | 19 / 3 | |
| 1.0.788 | 19 / 3 | |
| 1.0.787 | 19 / 3 | |
| 1.0.786 | 19 / 3 | |
| 1.0.785 | 19 / 3 | |
| 1.0.784 | 19 / 3 | |
| 1.0.783 | 19 / 3 | |
| 1.0.782 | 19 / 3 | |
| 1.0.781 | 19 / 3 | |
| 1.0.780 | 19 / 3 | |
| 1.0.779 | 19 / 3 | |
| 1.0.778 | 19 / 3 | |
| 1.0.777 | 19 / 3 | |
| 1.0.776 | 19 / 3 | |
| 1.0.775 | 19 / 3 | |
| 1.0.774 | 19 / 3 | |
| 1.0.773 | 19 / 3 | |
| 1.0.772 | 19 / 3 | |
| 1.0.771 | 19 / 3 | |
| 1.0.770 | 19 / 3 | |
| 1.0.769 | 18 / 3 | |
| 1.0.768 | 18 / 3 | |
| 1.0.767 | 18 / 3 | |
| 1.0.766 | 18 / 3 | |
| 1.0.765 | 18 / 3 | |
| 1.0.764 | 18 / 3 | |
| 1.0.763 | 18 / 3 | |
| 1.0.762 | 18 / 3 | |
| 1.0.761 | 18 / 3 | |
| 1.0.760 | 18 / 3 | |
| 1.0.759 | 18 / 3 | |
| 1.0.758 | 18 / 3 |
v1.0.808
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.807
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.806
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.805
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.804
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.803
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.802
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.801
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.800
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.799
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.798
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.797
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.796
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.795
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.794
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.793
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.792
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.791
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.790
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.789
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.788
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.787
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.786
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.785
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.784
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.783
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.782
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.781
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.780
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.779
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.778
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.777
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.776
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.775
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.774
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.773
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.772
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.771
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.770
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.769
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.768
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.767
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.766
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.765
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.764
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.763
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.762
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.761
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.760
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.759
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.