@babel/code-frame — Greenflagged

Generate errors that contain a code frame that point to source locations.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Babel monorepo publish workflow change; missing gitHead is a known artifact of their CI/CD evolution, not a security signal for this package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Legacy Babel maintainers removed as part of the Babel team's ongoing restructuring; consistent with the broader @babel/* ecosystem changes.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Babel monorepo migrated to GitHub Actions CI/CD publishing; this is a documented, intentional transition across all @babel/* packages, not an account compromise.	ai	2026/04/21
publish-pattern	dormant-publish	AI (publish-pattern): Gap reflects registry tracking of only 3 versions, not actual npm dormancy. Babel actively publishes intermediate versions; this is a well-maintained monorepo package.	ai	2026/04/21
publish-pattern	new-deps-added	AI (publish-pattern): js-tokens, picocolors, and @babel/helper-validator-identifier are established packages replacing @babel/highlight; this is a known Babel modernization refactor, not a supply-chain attack vector.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Babel packages predate Sigstore provenance adoption; absence is expected and not a risk signal for this well-established publisher.	ai	2026/04/21
dependencies	unvetted-dep:@babel/highlight	AI (dependencies): @babel/highlight is a standard Babel ecosystem dependency expected for this package; not a risk.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Babel monorepo packages are mass-produced with templated names, start at high semver versions matching the monorepo release cycle, and lack keywords. These are structural traits of the Babel project, not spam indicators.	ai	2026/04/21

Versions (showing 38 of 38)

Hide prereleases

Version	Deps	Published
7.29.7	3 / 3	2026-05-25
7.29.0	3 / 3	2026-01-31
7.28.6	3 / 3	2026-01-12
7.27.1	3 / 2	2025-04-30
7.26.2	3 / 2	2024-10-30
7.26.0	3 / 2	2024-10-25
7.25.9	2 / 2	2024-10-22
7.25.7	2 / 2	2024-10-02
7.24.7	2 / 2	2024-06-05
7.24.6	2 / 2	2024-05-24
7.24.2	2 / 2	2024-03-19
7.24.1	2 / 2	2024-03-19
7.23.5	2 / 2	2023-11-29
7.23.4	2 / 2	2023-11-20
7.22.13	2 / 2	2023-08-28
7.22.10	2 / 1	2023-08-07
7.22.5	1 / 1	2023-06-08
7.21.4	1 / 1	2023-03-31
7.18.6	1 / 3	2022-06-27
7.16.7	1 / 3	2021-12-31
7.16.0	1 / 3	2021-10-29
7.15.8	1 / 3	2021-10-06
7.14.5	1 / 3	2021-06-09
7.12.13	1 / 3	2021-02-03
7.12.11	1 / 3	2020-12-15
7.10.4	1 / 2	2020-06-30
7.10.3	1 / 2	2020-06-19
7.10.1	1 / 2	2020-05-27
7.8.3	1 / 2	2020-01-13
7.8.0	1 / 2	2020-01-12
7.5.5	1 / 2	2019-07-17
7.0.0	1 / 2	2018-08-27
8.0.0-rc.3	2 / 1	2026-03-16
8.0.0-rc.2	2 / 1	2026-02-15
8.0.0-rc.1	2 / 1	2026-01-31
8.0.0-beta.4	3 / 1	2026-01-12
8.0.0-beta.3	3 / 2	2025-10-23
7.0.0-beta.46	1 / 2	2018-04-23

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.