@jupyterlab/lsp
Advanced tools
4.0.0 - Highlights
Below are the major highlights in JupyterLab 4.0.0.
CodeMirror, the text editor used for cells and file editors, has been updated to CodeMirror 6. This brings important accessibility and performance improvements as well as better customization capabilities. We have also improved the editor settings. Previously, users had to customize settings separately for each type of cell, the file editor, and the console editor. Now, you can change your settings in one place. It is now easier to use the default settings for all editors and to change some settings for specific cases. For example, you can now hide line numbers only for markdown cells.
Developers can now provide editor extensions, like themes and programming language parsers, through new application registries.
Starting with JupyterLab 3, extensions can be installed via Python packages (or other providers of prebuilt extensions).
In JupyterLab 4, building on this feature, the Extension Manager now includes extensions from pypi.org. This removes the build step from the installation of extensions when using the Extension Manager.
Developers can provide an alternative package repository to display their own set of extensions.
The Search and Replace functionality has been improved with new features when searching in a notebook:
Some new elements have been added or changed in the UI:
JupyterLab is not yet fully accessible. Currently, we are focused on making Notebook 7 accessible. A big part of the code is shared, though, and the following accessibility improvements are in JupyterLab 4:
JupyterLab is now faster, thanks to the following improvements:
Notebook windowing might add side effects, for example if some cell outputs display iframes. Therefore, it is not yet the default value, but we recommend that users switch to it and report bugs to help us polish it. To test it, you need to set the user setting Notebook > Windowing mode to full. If you have issues with notebook rendering, try changing back to defer or none. (none should be used as a last resort, because it disables all optimizations.)
JupyterLab 3.6 already made significant improvements to the Real Time Collaboration (RTC) feature. The feature is now in a separate repository: jupyter_collaboration. The rationale is to limit the dependencies for users who don't need RTC. Separating RTC also helps organizations using JupyterLab that do not meet the specific requirements regarding file content management.
To enable RTC, install the jupyter-collaboration package with either pip or conda.
pip install "jupyter-collaboration>=1.0.0a0"
RTC highlights in the standalone jupyter-collaboration package, version 1.0.0, include:
Here are the main tool updates that will benefit extension authors and developers:
We recommend using Node.js v18 or newer, because older versions will reach end of life in 2023 or earlier (see Node release schedule).
To ease code migration to JupyterLab 4, developers should review the migration guide. A few existing extensions have already been migrated and can be used as examples:
FAQs
The npm package @jupyterlab/lsp receives a total of 18,840 weekly downloads. As such, @jupyterlab/lsp popularity was classified as popular.
We found that @jupyterlab/lsp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.