Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@jupyterlab/running
Advanced tools
A JupyterLab package which provides a listing of currently running kernel sessions and information about them.
4.0.0 - Highlights
Below are the major highlights in JupyterLab 4.0.0.
CodeMirror, the text editor used for cells and file editors, has been updated to CodeMirror 6. This brings important accessibility and performance improvements as well as better customization capabilities. We have also improved the editor settings. Previously, users had to customize settings separately for each type of cell, the file editor, and the console editor. Now, you can change your settings in one place. It is now easier to use the default settings for all editors and to change some settings for specific cases. For example, you can now hide line numbers only for markdown cells.
Developers can now provide editor extensions, like themes and programming language parsers, through new application registries.
Starting with JupyterLab 3, extensions can be installed via Python packages (or other providers of prebuilt extensions).
In JupyterLab 4, building on this feature, the Extension Manager now includes extensions from pypi.org. This removes the build step from installation of extension when using Extension Manager.
Developers can provide an alternative package repository to display their own set of extensions.
The Search and Replace functionality has been improved with new features when searching in a notebook:
Some new elements have been added or changed in the UI:
JupyterLab is not yet fully accessible. Currently, we are focused on making Notebook 7 accessible. A big part of the code is shared, though, and the following accessibility improvements are in JupyterLab 4:
JupyterLab is now faster, thanks to the following improvements:
Notebook windowing might add side effects for example if some cell outputs are displaying iframes. Therefore it is not yet the default value. But we recommend user to switch to it and report bugs to help us polish it. To test it, you
need to set the user setting Notebook > Windowing mode to full
. If you have issues with notebook rendering, try changing back to defer
or none
. (none
should be used as a last resort, because it disables all optimizations.)
JupyterLab 3.6 already made significant improvements to the Real Time Collaboration (RTC) feature. The feature is now in a separate repository: jupyter_collaboration. The rationale is to limit the dependencies for users who don't need RTC. Separating RTC also helps organizations using JupyterLab that do not meet the specific requirements regarding file content management.
To enable RTC, install the jupyter-collaboration
package with either pip
or conda
.
pip install "jupyter-collaboration>=1.0.0a0"
RTC highlights in the standalone jupyter-collboration
package, version 1.0.0, include:
Here are the main tool updates that will benefit extension authors and developers:
We recommend using Node.js v18 or newer, because older versions will reach end of life in 2023 or earlier (see Node release schedule).
To ease code migration to JupyterLab 4, developers should review the migration guide. A few existing extensions have already been migrated and can be used as examples:
<!-- <START NEW CHANGELOG ENTRY> -->FAQs
JupyterLab - Running Sessions Panel
The npm package @jupyterlab/running receives a total of 11,512 weekly downloads. As such, @jupyterlab/running popularity was classified as popular.
We found that @jupyterlab/running demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.