@jupyterlab/testing
JupyterLab basic testing utilities.
4
Versions
BSD-3-Clause
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:simulate-event | AI (dependencies): simulate-event is a standard DOM event simulation library; appropriate and expected for a testing utilities package. | ai | |
| phantom-deps | phantom-dep:jest | AI (phantom-deps): jest is a testing framework loaded via config, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ts-jest | AI (phantom-deps): ts-jest is a jest transformer loaded via jest config, not direct import; stable false positive. | ai | |
| phantom-deps | phantom-dep:fs-extra | AI (phantom-deps): fs-extra referenced in config/scripts context; stable false positive for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Used in start_jupyter_server.js to launch Jupyter server for testing; expected and documented behavior for this testing utility. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Babel packages loaded by jest/ts-jest by convention, not direct import; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/preset-env | AI (phantom-deps): Babel preset loaded by framework convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:identity-obj-proxy | AI (phantom-deps): CSS module mock loaded via jest config moduleNameMapper; stable false positive. | ai | |
| phantom-deps | phantom-dep:jest-junit | AI (phantom-deps): jest-junit is a jest reporter loaded via config, not direct import; stable false positive. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 4.5.7 | 13 / 4 | |
| 4.5.1 | 13 / 4 | |
| 4.5.0 | 13 / 4 | |
| 4.4.2 | 13 / 4 |
v4.5.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.