@babel/code-frame
Generate errors that contain a code frame that point to source locations.
Versions: 32
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzoo, existentialism, nicolo-ribaudo, jlhwung
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Babel monorepo publish workflow change; missing gitHead is a known artifact of their CI/CD evolution, not a security signal for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Legacy Babel maintainers removed as part of the Babel team's ongoing restructuring; consistent with the broader @babel/* ecosystem changes. | ai | |
| provenance | publisher-changed | AI (provenance): Babel monorepo migrated to GitHub Actions CI/CD publishing; this is a documented, intentional transition across all @babel/* packages, not an account compromise. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Gap reflects registry tracking of only 3 versions, not actual npm dormancy. Babel actively publishes intermediate versions; this is a well-maintained monorepo package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): js-tokens, picocolors, and @babel/helper-validator-identifier are established packages replacing @babel/highlight; this is a known Babel modernization refactor, not a supply-chain attack vector. | ai | |
| provenance | no-provenance | AI (provenance): Babel packages predate Sigstore provenance adoption; absence is expected and not a risk signal for this well-established publisher. | ai | |
| dependencies | unvetted-dep:@babel/highlight | AI (dependencies): @babel/highlight is a standard Babel ecosystem dependency expected for this package; not a risk. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Babel monorepo packages are mass-produced with templated names, start at high semver versions matching the monorepo release cycle, and lack keywords. These are structural traits of the Babel project, not spam indicators. | ai | |
Versions (showing 32 of 32)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 3 / 3 | |
| 7.29.0 | 3 / 3 | |
| 7.28.6 | 3 / 3 | |
| 7.27.1 | 3 / 2 | |
| 7.26.2 | 3 / 2 | |
| 7.26.0 | 3 / 2 | |
| 7.25.9 | 2 / 2 | |
| 7.25.7 | 2 / 2 | |
| 7.24.7 | 2 / 2 | |
| 7.24.6 | 2 / 2 | |
| 7.24.2 | 2 / 2 | |
| 7.24.1 | 2 / 2 | |
| 7.23.5 | 2 / 2 | |
| 7.23.4 | 2 / 2 | |
| 7.22.13 | 2 / 2 | |
| 7.22.10 | 2 / 1 | |
| 7.22.5 | 1 / 1 | |
| 7.21.4 | 1 / 1 | |
| 7.18.6 | 1 / 3 | |
| 7.16.7 | 1 / 3 | |
| 7.16.0 | 1 / 3 | |
| 7.15.8 | 1 / 3 | |
| 7.14.5 | 1 / 3 | |
| 7.12.13 | 1 / 3 | |
| 7.12.11 | 1 / 3 | |
| 7.10.4 | 1 / 2 | |
| 7.10.3 | 1 / 2 | |
| 7.10.1 | 1 / 2 | |
| 7.8.3 | 1 / 2 | |
| 7.8.0 | 1 / 2 | |
| 7.5.5 | 1 / 2 | |
| 7.0.0 | 1 / 2 | |
v7.29.7
1 finding
INFO: Has SLSA provenance attestation (provenance)
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.