Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@jupyterlab/apputils-extension
Advanced tools
@jupyterlab/apputils-extension
A JupyterLab extension which provides an entry point for several of the UI elements and utilities in @jupyterlab/apputils.
4.4.0
New features added
- Add Settings Import Feature from a JSON File #16994 (@Darshan808)
- Support kernel subshells #16963 (@ianthomas23)
Enhancements made
- Create "Kernels" section, split statusbar settings #17415 (@krassowski)
- Add
IKernelSpecAPICLientandITerminalAPIClient, fix definitions of interfaces #17395 (@jtpio) - If subshells are supported by the kernel, send comm messages to subshells #17363 (@martinRenou)
- Add a setting to disable the context menu #17352 (@afshin)
- Add
IKernelAPIClientandISessionAPIClientas options forKernel.IManagerandSession.IManager#17348 (@jtpio) - Fix checkbox alignment in dialog using
display: flex#17343 (@SatyajitRedekar) - Speed up output rendering: add a limit on max length of protocol to linkify #17264 (@krassowski)
- Remove spurious regex to slightly improve performance of streaming large outputs #17262 (@krassowski)
- Add (opt-in) workspace selector, show workspace name in the title #17256 (@Darshan808)
- Add commands to change the console prompt position to the palette #17253 (@jtpio)
- Improve UX for "Rename on First Save" Dialog #17217 (@MUFFANUJ)
- Replace R logo with official logo #17216 (@ajbozarth)
- Bump
@codemirror/lang-pythonto provide match-case indentation #17189 (@deephbz) - Remove
--subshell-consoleflag #17180 (@ianthomas23) - Add Content Provider API #17092 (@krassowski)
- Copy edits in
CONTRIBUTING.md#17078 (@JasonWeill) - Add option to render markdown cells upon exit #17076 (@peytondmurray)
- Add option for automatic Fill-in-the-Middle inline completion #17067 (@Darshan808)
- Update the form schema if it changed #16907 (@brichet)
- Export user preference settings to a json file #16896 (@Darshan808)
- Add more descriptive labels for fetching Jupyter news options #16848 (@Adam-D-Lewis)
- Hide the terminals part of the running sessions status bar item by default #16846 (@jtpio)
- Allow customizing the
ServiceManagerwith plugins #16794 (@jtpio) - Move
@jupyterlab/debuggericons to@jupyterlab/ui-components#16745 (@joaopalmeiro) - Add option to disable input placeholder text #16713 (@maitreya2954)
- Allow changing the position of the code console prompt cell, add settings and toolbar items #13837 (@jtpio)
Bugs fixed
- Fix CommandPalette gets re-rendered even if hidden #17442 (@fcollonval)
- Add distinct accessible aria label for each toolbar #17441 (@nkn2022)
- Fix read-only indicator not showing in RTC docprovider #17440 (@Darshan808)
- Fix visual indication for drag and drop in editor #17438 (@MUFFANUJ)
- Fix usage of
ITerminalAPIClientinTerminalConnection#17437 (@jtpio) - Fix for filebrowser tooltip rendering the kernel info repeatedly #17421 (@itsmevichu)
- More specific selector for "Copy Output to Clipboard" #17413 (@jtpio)
- Fix rendering URLs as linked in errors #17371 (@afshin)
- Fix cell output stream if previous chunk did not end in new line #17369 (@davidbrochart)
- Use "Move to Trash" over "Delete" when contents manager's
delete_to_trashisTrue#17359 (@jesuino) - Add widget ID arg to semantic command invocations #17350 (@afshin)
- Improve scrolling edge cases #17339 (@krassowski)
- Fix HTML lang attribute #17337 (@fcollonval)
- Fix typo in LSP console message on kernel change #17323 (@iisakkirotko)
- Fix handling of a
nullbanner in the code console #17322 (@jtpio) - Updated enabling logic for run-all-below button on Notebook Panel #17298 (@rsaditya01)
- Disable new
ctrl+mtoggle focus binding, enable configuring it via Keyboard Shortcuts #17291 (@krassowski) - Fix order of extensions in PyPI Extension Manager #17266 (@Princekumarofficial)
- Allow
<GroupItem>to filter outnullchildren and accept anyReactNode#17244 (@MUFFANUJ) - Cache item state to improve filebrowser's performance #17239 (@Rishab87)
- Fix windowing crash due to out-of-bounds access #17238 (@krassowski)
- Fix vertical scrollbar issue caused by
\tag{}directive in LaTeX #17223 (@MUFFANUJ) - Fix display of tooltip/title for terminal and kernel sessions statusbar item #17220 (@MUFFANUJ)
- Fix disabling Fuzzy Filtering in the File Browser #17214 (@Darshan808)
- Fix for inconsistent tab closure in "Close All Tabs" operation #17203 (@itsmevichu)
- Fix "running" prompt state with server-side execution #17195 (@krassowski)
- Fix for issue preventing cell metadata removal #17194 (@itsmevichu)
- Add missing aria labels in application shell #17192 (@Rishab87)
- Fix misaligned SVG icon in "Add Tag" button #17187 (@MUFFANUJ)
- Increase color contrast of operators in code editor #17173 (@hxrshxz)
- Fix read-only cells becoming editable on settings change #17167 (@Darshan808)
- Ensure search highlight is applied to Python builtin keywords #17160 (@hxrshxz)
- Fix scrolling and selection restoration on undo/redo #17158 (@krassowski)
- Fix emission of
lastCellfrom notebook run actions #17156 (@pawel99k) - Improve contrast for 'Add' button in Keyboard Shortcuts UI in both dark and light theme #17153 (@hxrshxz)
- Fixed Missing Comma in devcontainer.json to enable functional configuration #17150 (@hxrshxz)
- Fixing dialog closing unexpectedly when typing in the textarea #17142 (@Rishab87)
- Fix setter for
contentProviderId#17141 (@jtpio) - Fix title for overscan count option #17130 (@krassowski)
- Ensure context menu closes when clicking outside it in the minimap #17128 (@peytondmurray)
- Respect query argument in
settingeditor:openwhen settings editor is already open #17121 (@andrewfulton9) - Fix sanitizer call in ToC if html data is array of strings #17114 (@martenrichter)
- Use bare string
proxiesparameter forhttpx<0.28 #17113 (@AmberArr) - Add missing
bind(this)toNotebookAdapter'sisReadyfunction #17109 (@martenrichter) - Fix background of the popup toolbar #17098 (@krassowski)
- Focus terminal after copy and paste operations #17097 (@krassowski)
- Sync Settings Editor with Updated Settings #17091 (@Darshan808)
- Fix consecutive invocations of inline completion #17082 (@fcollonval)
- Fix contrast for unselected search matches in Dark High Contrast theme #17065 (@krassowski)
- Bump
@codemirrorpackages #17064 (@jtpio) - Use
AsyncHTTPTransportoverHTTPTransportforhttpx#17058 (@krassowski) - Reset resizeData after column adjustment to allow file dragging #17047 (@Darshan808)
- Fix newline handling in stream outputs #17043 (@davidbrochart)
- Fix filebrowser name order #17038 (@Nriver)
- Improve performance of rendering stdout/stderr #17022 (@krassowski)
- Fixing missed first keystroke on Ctrl+F #17005 (@itsmevichu)
- Fix disappearing cells (heal offsets after updating estimated sizes) #17000 (@krassowski)
- Fix handling of carriage return in output streams #16999 (@davidbrochart)
- Fix emission of
FileBrowserModel.onFileChangedfor drives (includingRTC:) #16988 (@davidbrochart) - Restore viewport
min-heightwhen not windowing #16979 (@brichet) - Fix regression in standard error rendering performance #16975 (@krassowski)
- Drag image prompt styling #16972 (@JasonWeill)
- Remove unused CSS #16968 (@mgeier)
- Fix moving files when
Last Modifiedcolumn is hidden #16962 (@krassowski) - Fix prefix removal when reconciling completions from multiple sources #16953 (@krassowski)
- Fix total size estimation in full windowing mode to reduce scrollbar jitter #16950 (@krassowski)
- Enable Scroll for Overflowing Menus on Small Screens #16945 (@Darshan808)
- Disable paste for read-only markdown cells & fix replace all for markdown cells #16943 (@itsmevichu)
- Fix Regex Functionality for Find and Replace / Replace All #16940 (@itsmevichu)
- Improve drag image styling #16936 (@JasonWeill)
- Add clarification about FileFormat in
Services.Contents#16927 (@cmarmo) - Reuse serverSettings when reopen an existing terminal #16921 (@ianthomas23)
- Maintain autosave timers while disconnected #16903 (@holzman)
- Abort saving if a file cannot be saved #16900 (@JasonWeill)
- Fix triggering completer on the beginning of the lines #16863 (@andrewfulton9)
- Fix for unable to lock any extension #16213 (@itsmevichu)
Maintenance and upkeep improvements
- Do not try to prettier
.mypy_cache#17444 (@krassowski) - Bump vega from 5.31.0 to 5.32.0 #17436 (@dependabot)
- Make
ILabShelloptional in the logconsole extension #17430 (@jtpio) - Fix types in translation package, remove usages of
any#17414 (@krassowski) - Remove workflow using
tj-actions/changed-files#17398 (@jtpio) - Fix definition of the
ILicensesClientinterface #17397 (@jtpio) - Update to mermaid 11.6.0, marked 15.0.7 #17396 (@bollwyvl)
- Bump nanoid from 3.3.7 to 3.3.9 in /jupyterlab/tests/mock_packages/test_no_hyphens #17387 (@dependabot)
- Bump @babel/helpers from 7.21.0 to 7.26.10 #17385 (@dependabot)
- Bump axios from 1.7.4 to 1.8.2 #17380 (@dependabot)
- Update the copyright year to 2025 #17379 (@jtpio)
- Update to Playwright 1.51.0 #17372 (@jtpio)
- Require
JupyterLab.IInfofor the plugin manager plugin #17367 (@jtpio) - Move the licenses plugin to
apputils-extension#17361 (@jtpio) - Bump the actions group with 2 updates #17353 (@dependabot)
- Expose
ConfigSectionManagervia a plugin #17345 (@jtpio) - Enforce plugin name convention and rename noncompliant plugins #17338 (@jtpio)
- Use
ITranslationConnectorto fetch the translations #17329 (@jtpio) - Normalize translator plugin ids #17328 (@jtpio)
- Provide
ISettingsConnectorvia a separate plugin #17327 (@jtpio) - Provide
ITranslatorConnectorvia a separate plugin #17325 (@jtpio) - Bump
semverandtough-cookieto non-vulnerable versions #17319 (@dlqqq) - Bump dompurify from 3.2.3 to 3.2.4 #17305 (@dependabot)
- Bump vega from 5.24.0 to 5.26.0 #17295 (@dependabot)
- Clean up references to
jupyter-packaging#17294 (@jtpio) - Fix missing checks for author comment association for docs #17289 (@krassowski)
- Fix CI failures caused by changes in
jupyterlab-demo#17283 (@krassowski) - Update to Lumino
2025.2.1, fix the console prompt menu alignment #17274 (@jtpio) - Update to TypeScript 5.5 #17271 (@jtpio)
- Use the same
isPalettearg as for other commands #17258 (@jtpio) - Update to TypeScript 5.4 #17255 (@jtpio)
- Update to Playwright 1.50 #17254 (@jtpio)
- Bump tj-actions/changed-files from 45.0.5 to 45.0.6 in the actions group #17249 (@dependabot)
- Bump the pip group with 2 updates #17248 (@dependabot)
- Improving reliability of the the galata tests #17221 (@Darshan808)
- Updated mock packages to use hatch-jupyter-builder #17219 (@Rishab87)
- Update to TypeScript 5.2 #17207 (@jtpio)
- Bump katex from 0.16.11 to 0.16.21 #17185 (@dependabot)
- Remove
skipLibCheckfrom the testtsconfig#17143 (@jtpio) - Bump tj-actions/changed-files from 45.0.4 to 45.0.5 in the actions group #17134 (@dependabot)
- Bump the pip group with 3 updates #17133 (@dependabot)
- Fix exposing
ISignalinstead ofSignal#17122 (@jtpio) - Add pixi files to various ignore files #17120 (@jtpio)
- Bump systeminformation from 5.21.8 to 5.23.8 #17116 (@dependabot)
- Workaround the Chromium bug with
navigator.language#17094 (@krassowski) - Update to Playwright 1.49 #17085 (@jtpio)
- Bump the pip group across 1 directory with 4 updates #17081 (@dependabot)
- Update to
typedoc0.27.4 #17070 (@bollwyvl) - Bump
nanoidfrom 3.3.6 to to 3.3.8 #17057 (@krassowski) - Restore bottom
httpxversion window #17041 (@bollwyvl) - Bump cross-spawn from 7.0.3 to 7.0.6 in /jupyterlab/tests/mock_packages/test-hyphens-underscore #17040 (@dependabot)
- Drop Python 3.8 #17036 (@jtpio)
- Fixes debugger UI-test with python>=3.12 #17024 (@brichet)
- Bump tj-actions/changed-files from 45.0.3 to 45.0.4 in the actions group #17019 (@dependabot)
- Fix extension manager failure with new
httpxversions, bumphttpxtov0.28.0#17013 (@davidbrochart) - Pin Python version for visual regression testing to 3.11 #16989 (@krassowski)
- Fix a test in
terminal.spec.ts#16942 (@holzman) - Fix
docmanager/savehandler"continue to save" test #16933 (@holzman) - Update sphinx requirement from <8.1.0,>=1.8 to >=1.8,<8.2.0 in the pip group across 1 directory #16922 (@dependabot)
- Bump tj-actions/changed-files from 45.0.2 to 45.0.3 in the actions group #16911 (@dependabot)
- Bump mermaid from 10.7.0 to 10.9.3 #16885 (@dependabot)
- Run CI on Python 3.9 and 3.13 (drop 3.8 from testing matrix) #16852 (@krassowski)
- Upgrade to
mermaid11.x,marked15.x #15733 (@bollwyvl)
Documentation improvements
- Update changelog links, add new code console screenshot #17392 (@jtpio)
- User-facing changelog for 4.4 #17368 (@krassowski)
- Sort the list of plugins and tokens in the documentation #17364 (@jtpio)
- If subshells are supported by the kernel, send comm messages to subshells #17363 (@martinRenou)
- Move the licenses plugin to
apputils-extension#17361 (@jtpio) - Expose
ConfigSectionManagervia a plugin #17345 (@jtpio) - Enforce plugin name convention and rename noncompliant plugins #17338 (@jtpio)
- Clarify documentation on bot privileges for updating snapshots #17336 (@Princekumarofficial)
- Fix heading levels in extension migration guide #17332 (@krassowski)
- Normalize translator plugin ids #17328 (@jtpio)
- Add FAQ item about repeated key press events on OS X #17279 (@jtpio)
- Add item about nightly releases to the FAQ #17278 (@jtpio)
- Update to TypeScript 5.5 #17271 (@jtpio)
- Update to TypeScript 5.4 #17255 (@jtpio)
- Allow
<GroupItem>to filter outnullchildren and accept anyReactNode#17244 (@MUFFANUJ) - Update link to the Zoom channel #17209 (@jtpio)
- Update to TypeScript 5.2 #17207 (@jtpio)
- Document named attributes sanitization #17178 (@hxrshxz)
- Use more formal wording in docs:
repo→repository#17152 (@pdarshane) - Fix jupyverse installation instructions #17137 (@SamuelMarks)
- Update docs to include export and import functionality for overrides.json #17104 (@Darshan808)
- Add Content Provider API #17092 (@krassowski)
- Copy edits in
CONTRIBUTING.md#17078 (@JasonWeill) - Update to
typedoc0.27.4 #17070 (@bollwyvl) - Drop Python 3.8 #17036 (@jtpio)
- Use Zulip for instant messaging #17031 (@jtpio)
- Update to
typedoc0.26, fix missing module pages #17006 (@bollwyvl) - Add forgotten bracket in code sample #16998 (@cmarmo)
- Document
IInlineCompletionItem.token#16959 (@fcollonval) - Add clarification about FileFormat in
Services.Contents#16927 (@cmarmo) - Fix inconsistency in
Contents.IChangedArgsdocumentation #16918 (@cmarmo) - Fix triggering completer on the beginning of the lines #16863 (@andrewfulton9)
- Allow customizing the
ServiceManagerwith plugins #16794 (@jtpio) - Move
@jupyterlab/debuggericons to@jupyterlab/ui-components#16745 (@joaopalmeiro)
Contributors to this release
(GitHub contributors page for this release)
@Adam-D-Lewis | @afshin | @ajbozarth | @AmberArr | @andrewfulton9 | @andreytaboola | @andrii-i | @bollwyvl | @brichet | @Carreau | @claytonparnell | @cmarmo | @Darshan808 | @davidbrochart | @deephbz | @dependabot | @dlqqq | @echarles | @fcollonval | @fleming79 | @github-actions | @holzman | @hxrshxz | @ianthomas23 | @iisakkirotko | @itsmevichu | @JasonWeill | @jesuino | @joaopalmeiro | @jtpio | @jupyterlab-probot | @kellyrowland | @krassowski | @kuraga | @lumberbot-app | @maitreya2954 | @martenrichter | @martinRenou | @mgeier | @MUFFANUJ | @nkn2022 | @Nriver | @pawel99k | @pdarshane | @peytondmurray | @pre-commit-ci | @Princekumarofficial | @Rishab87 | @rpwagner | @RRosio | @rsaditya01 | @SamuelMarks | @SatyajitRedekar | @SylvainCorlay | @trungleduc | @Zsailer
FAQs
JupyterLab - Application Utilities Extension
The npm package @jupyterlab/apputils-extension receives a total of 17,463 weekly downloads. As such, @jupyterlab/apputils-extension popularity was classified as popular.
We found that @jupyterlab/apputils-extension demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 03 Apr 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025