IPython notebooks (ipynb) are a part of massively adopted products like Google Colab and Jupyter.
A GitHub search shows >160k references to this method of installing libraries. A Scalibr scan on these repositories without this extractor fails to identify that the notebooks are fetching and installing the referenced packages at runtime.
https://github.com/search?q=%28%22%25pip+install%22+OR+%22%25conda+install%22+OR+%22%25uv+install%22+%29+AND+%28path%3A*.ipynb+OR+language%3APython%29&type=code
- Any critical, emergent vulnerability associated with software from the distribution method:
The supply chain risks are the same as for the existing Python extractors.
Software distribution method or binary type: IPython "magic" inline installation of PyPi/Conda packages.
Popularity of distribution method
IPython notebooks (ipynb) are a part of massively adopted products like Google Colab and Jupyter.
A GitHub search shows >160k references to this method of installing libraries. A Scalibr scan on these repositories without this extractor fails to identify that the notebooks are fetching and installing the referenced packages at runtime.
https://github.com/search?q=%28%22%25pip+install%22+OR+%22%25conda+install%22+OR+%22%25uv+install%22+%29+AND+%28path%3A*.ipynb+OR+language%3APython%29&type=code
The supply chain risks are the same as for the existing Python extractors.