Jupyter server extension that allows mixing local and remote kernels together
This package provides a Jupyter Server extension that allows you to run local and remote kernels side by side.
It does this by "mixing" the local and remote kernels together into a single collection containing both.
This collection then keeps track of whether specific kernels were local or remote and forwards any corresponding kernel requests accordingly.
Install the kernels-mixer Python package using pip:
pip install kernels-mixer
If you do not already have a Jupyter config file (e.g. ~/.jupyter/jupyter_lab_config.py), then first generate one with the following command:
jupyter lab --generate-config
Then open your config file and add the following two lines to the end:
import kernels_mixer
kernels_mixer.configure_kernels_mixer(c)
This extension expects that local and remote kernels have different names. If that is not the case then the local kernel will override the remote kernel. For example, if there is a local kernel named "python3", then any kernels in the remote kernel gateway named "python3" will be hidden in favor of it.
When using this extension, it is recommended that the remote kernel gateway is set up to add a prefix onto every kernel name in order to distinguish them from the local kernels.
Similarly, it is recommended that remote kernel display names are augmented to indicate where they are running.
The default kernel gateway used with this extension is the regional GCP kernel gateway hosted under kernels.googleusercontent.com, which ensures that both of those conditions are followed.
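The name-collision rule and the two naming recommendations above can be checked before a gateway is wired in. The following is an added illustration, not code from the kernels-mixer project: it models the stated precedence (a local name hides a remote one) and flags remote kernels that lack a prefix or a location hint. The function names, the "remote-" prefix and the sample kernel names are assumptions constructed for the example.

```python
# Added illustration: models the precedence rule described above. It is not
# the kernels-mixer implementation; all names and sample data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class MixedSpec:
    name: str
    display_name: str
    origin: str  # "local" or "remote"

def mix_kernelspecs(local, remote):
    """Merge {name: display_name} maps; a local name hides a remote one.

    Returns (mixed, shadowed), where shadowed lists the hidden remote names.
    """
    mixed = {n: MixedSpec(n, d, "remote") for n, d in remote.items()}
    shadowed = sorted(set(local) & set(remote))
    mixed.update({n: MixedSpec(n, d, "local") for n, d in local.items()})
    return mixed, shadowed

def audit_remote_names(local, remote, prefix, location_hint):
    """Return findings for remote kernels that break the two recommendations."""
    findings = []
    for name, display in sorted(remote.items()):
        if name in local:
            findings.append(f"{name}: hidden by local kernel of the same name")
        if not name.startswith(prefix):
            findings.append(f"{name}: missing prefix {prefix!r}")
        if location_hint.lower() not in display.lower():
            findings.append(f"{name}: display name does not say where it runs")
    return findings

# Constructed sample data (hypothetical kernel names and prefix).
LOCAL = {"python3": "Python 3", "ir": "R"}
REMOTE = {
    "python3": "Python 3",
    "remote-python3": "Python 3 (Remote)",
    "remote-pytorch": "PyTorch",
}

if __name__ == "__main__":
    mixed, shadowed = mix_kernelspecs(LOCAL, REMOTE)
    for spec in mixed.values():
        print(f"{spec.name:16} {spec.origin:7} {spec.display_name}")
    print("shadowed remote kernels:", shadowed)
    for finding in audit_remote_names(LOCAL, REMOTE, "remote-", "remote"):
        print("finding:", finding)
```

A user who picks "python3" in this sample gets the local kernel, so code intended for the remote environment would execute on the local machine; the audit surfaces that before it happens.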
FAQs
We found that kernels-mixer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.