基础信息
项目名称:plotly/plotly.py
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1744128264516222976/1744128264570748928
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Pillow 输入验证错误漏洞 | 整数溢出或环绕 | MPS-2020-0059 | CVE-2020-5310 | 高危 |
| Pillow 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2020-0060 | CVE-2020-5311 | 严重 |
| Pillow 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2020-0061 | CVE-2020-5312 | 严重 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2020-0062 | CVE-2020-5313 | 高危 |
| Pillow 输入验证错误漏洞 | 整数溢出或环绕 | MPS-2020-0120 | CVE-2019-19911 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2020-9466 | CVE-2020-10177 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2020-9467 | CVE-2020-10378 | 中危 |
| Pillow 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2020-9468 | CVE-2020-10379 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2020-9469 | CVE-2020-10994 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2020-9470 | CVE-2020-11538 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-0176 | CVE-2020-35653 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界写入 | MPS-2021-0177 | CVE-2020-35654 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-0178 | CVE-2020-35655 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-19476 | CVE-2021-23437 | 高危 |
| nbconvert XSS漏洞 | XSS | MPS-2021-24622 | CVE-2021-32862 | 中危 |
| Pillow 资源管理错误漏洞 | 输入验证不恰当 | MPS-2021-2478 | CVE-2021-27921 | 高危 |
| Pillow 资源管理错误漏洞 | 输入验证不恰当 | MPS-2021-2479 | CVE-2021-27922 | 高危 |
| Pillow 资源管理错误漏洞 | 输入验证不恰当 | MPS-2021-2480 | CVE-2021-27923 | 高危 |
| NumPy 安全漏洞 | 不充分的比较 | MPS-2021-25631 | CVE-2021-34141 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-3070 | CVE-2021-25293 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界写入 | MPS-2021-3074 | CVE-2021-25290 | 高危 |
| Pillow 安全漏洞 | ReDoS | MPS-2021-3075 | CVE-2021-25292 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-3076 | CVE-2021-25291 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界写入 | MPS-2021-3077 | CVE-2021-25289 | 严重 |
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| NumPy 安全漏洞 | 经典缓冲区溢出 | MPS-2021-32279 | CVE-2021-41496 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-7529 | CVE-2021-25287 | 严重 |
| Pillow 安全漏洞 | 不可达退出条件的循环(无限循环) | MPS-2021-7530 | CVE-2021-28676 | 高危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2021-7538 | CVE-2021-25288 | 严重 |
| Pillow 输入验证错误漏洞 | MPS-2021-7618 | CVE-2021-28677 | 高危 | |
| Pillow 数据伪造问题漏洞 | 对数据真实性的验证不充分 | MPS-2021-7765 | CVE-2021-28678 | 中危 |
| Pillow 资源管理错误漏洞 | 未加检查的返回值 | MPS-2021-7768 | CVE-2021-28675 | 中危 |
| Pillow 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2021-9796 | CVE-2021-34552 | 严重 |
| Pillow 安全漏洞 | 初始化不恰当 | MPS-2022-0817 | CVE-2022-22815 | 中危 |
| Pillow 缓冲区错误漏洞 | 越界读取 | MPS-2022-0818 | CVE-2022-22816 | 中危 |
| Pillow 安全漏洞 | MPS-2022-0819 | CVE-2022-22817 | 严重 | |
| pillow 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-15032 | 中危 | |
| Pillow 验证错误漏洞 | 对数据真实性的验证不充分 | MPS-2022-3208 | CVE-2022-24303 | 严重 |
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
| Pillow 安全漏洞 | 拒绝服务 | MPS-2022-64228 | CVE-2022-45198 | 高危 |
| needle 存在Authorization请求头泄露漏洞 | 未授权敏感信息泄露 | MPS-2022-7866 | 中危 | |
| SciPy 资源管理错误漏洞 | UAF | MPS-2023-10196 | CVE-2023-29824 | 严重 |
| SciPy 安全漏洞 | MPS-2023-4046 | CVE-2023-25399 | 中危 | |
| word-wrap 安全漏洞 | ReDoS | MPS-2023-5109 | CVE-2023-26115 | 高危 |
| Webpack 安全漏洞 | MPS-2023-7721 | CVE-2023-28154 | 严重 | |
| Requests Proxy-Authorization 标头泄露漏洞 | 未授权敏感信息泄露 | MPS-hr61-tzey | CVE-2023-32681 | 中危 |
| Pillow 安全漏洞 | 拒绝服务 | MPS-uxbf-5trd | CVE-2023-44271 | 高危 |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| requests | 2.25.1 | 2.31.0 | 间接依赖 | 建议修复 |
| word-wrap | 1.2.3 | 1.2.4 | 间接依赖 | 建议修复 |
| webpack | 5.75.0 | 5.76.0 | 间接依赖 | 建议修复 |
| pillow | 6.2.0 | 10.0.0 | 间接依赖 | 建议修复 |
| scipy | 1.6.2 | 1.10.0rc1 | 间接依赖 | 建议修复 |
| needle | 2.9.1 | 3.1.0 | 间接依赖 | 可选修复 |
| semver | 5.7.1 | 7.5.2 | 间接依赖 | 可选修复 |
| numpy | 1.21.6 | 间接依赖 | 可选修复 | |
| nbconvert | 5.6.1 | 6.3 | 间接依赖 | 可选修复 |
| postcss | 8.3.2 | 8.4.31 | 间接依赖 | 可选修复 |
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 386 | 低 |
| ISC | 60 | 低 |
| BSD-2-Clause | 13 | 低 |
| BSD-3-Clause | 58 | 低 |
| 0BSD | 1 | 低 |
| Apache-2.0 | 12 | 低 |
| CC-BY-3.0 | 1 | 低 |
| 自定义许可证 | 17 | 低 |
| Unlicense | 1 | 低 |
| Zlib | 1 | 低 |
| CC0-1.0 | 1 | 低 |
| Apache-2.0 OR MIT | 1 | 低 |
| HPND | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| process-nextick-args | 2.0.1 | 间接依赖 | npm |
| schema-utils | 2.7.1 | 间接依赖 | npm |
| is-regex | 1.1.2 | 间接依赖 | npm |
| color-alpha | 1.0.4 | 间接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| npm-run-path | 4.0.1 | 间接依赖 | npm |
| end-of-stream | 1.4.4 | 间接依赖 | npm |
| @types/lodash | 4.14.168 | 间接依赖 | npm |
| bl | 2.2.1 | 间接依赖 | npm |
| unique-slug | 2.0.2 | 间接依赖 | npm |
| is-string | 1.0.5 | 间接依赖 | npm |
| iconv-lite | 0.4.24 | 间接依赖 | npm |
| file-loader | 6.0.0 | 间接依赖 | npm |
| terser | 5.14.2 | 间接依赖 | npm |
| Command | 间接依赖 | pip | |
| needle | 2.9.1 | 间接依赖 | npm |
| postcss-modules-values | 4.0.0 | 间接依赖 | npm |
| @lumino/algorithm | 1.9.2 | 间接依赖 | npm |
| nanoid | 3.3.2 | 间接依赖 | npm |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| SubplotXY | 间接依赖 | pip | |
| signum | 1.0.0 | 间接依赖 | npm |
| path-exists | 4.0.0 | 间接依赖 | npm |
| mock | 2.0.0 | 间接依赖 | pip |
| glsl-token-assignments | 2.0.2 | 间接依赖 | npm |
| __all__ | 间接依赖 | pip | |
| @jupyterlab/settingregistry | 3.0.6 | 间接依赖 | npm |
| postcss | 8.3.2 | 间接依赖 | npm |
| is-plain-object | 2.0.4 | 间接依赖 | npm |
| array-find-index | 1.0.2 | 间接依赖 | npm |
| css-global-keywords | 1.0.1 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| number-is-integer | 1.0.1 | 间接依赖 | npm |
| color-space | 1.16.0 | 间接依赖 | npm |
| tslib | 1.14.1 | 间接依赖 | npm |
| d3-timer | 1.0.10 | 间接依赖 | npm |
| readable-stream | 2.3.7 | 间接依赖 | npm |
| to-px | 1.0.1 | 间接依赖 | npm |
| es6-iterator | 2.0.3 | 间接依赖 | npm |
| es-to-primitive | 1.2.1 | 间接依赖 | npm |
| @lumino/virtualdom | 1.14.3 | 间接依赖 | npm |
| @lumino/properties | 1.8.2 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| ts-loader | 8.1.0 | 直接依赖 | npm |
| @mapbox/jsonlint-lines-primitives | 2.0.2 | 间接依赖 | npm |
| @jupyterlab/services | 6.0.9 | 间接依赖 | npm |
| envinfo | 7.8.1 | 间接依赖 | npm |
| load-json-file | 4.0.0 | 间接依赖 | npm |
| OrderedDict | 间接依赖 | pip | |
| webpack-sources | 1.4.3 | 间接依赖 | npm |
| colorette | 1.2.2 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.2 | 间接依赖 | npm |
| is-string-blank | 1.0.1 | 间接依赖 | npm |
| css-font-style-keywords | 1.0.1 | 间接依赖 | npm |
| unquote | 1.1.1 | 间接依赖 | npm |
| infer-owner | 1.0.4 | 间接依赖 | npm |
| glslify-deps | 1.3.2 | 间接依赖 | npm |
| @types/webpack-env | 1.16.0 | 直接依赖 | npm |
| @webassemblyjs/wast-printer | 1.11.1 | 间接依赖 | npm |
| prettier | 2.2.1 | 直接依赖 | npm |
| rw | 1.3.3 | 间接依赖 | npm |
| optional_imports | 间接依赖 | pip | |
| minipass | 3.1.3 | 间接依赖 | npm |
| array-rearrange | 2.2.2 | 间接依赖 | npm |
| has-symbols | 1.0.2 | 间接依赖 | npm |
| @turf/centroid | 6.5.0 | 间接依赖 | npm |
| @choojs/findup | 0.2.1 | 间接依赖 | npm |
| is-number | 7.0.0 | 间接依赖 | npm |
| @types/plotly.js | 1.54.10 | 直接依赖 | npm |
| @types/json-schema | 7.0.11 | 间接依赖 | npm |
| find-root | 1.1.0 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| numpy | 1.21.6 | 间接依赖 | pip |
| kind-of | 6.0.3 | 间接依赖 | npm |
| typescript | 4.1.5 | 直接依赖 | npm |
| @webassemblyjs/utf8 | 1.11.1 | 间接依赖 | npm |
| chalk | 2.4.2 | 间接依赖 | npm |
| glsl-inject-defines | 1.0.3 | 间接依赖 | npm |
| has-hover | 1.0.1 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| typedarray-pool | 1.2.0 | 间接依赖 | npm |
| @npmcli/move-file | 1.1.2 | 间接依赖 | npm |
| stream-parser | 0.3.1 | 间接依赖 | npm |
| p-map | 4.0.0 | 间接依赖 | npm |
| statsmodels | 0.10.2 | 间接依赖 | pip |
| next-tick | 1.1.0 | 间接依赖 | npm |
| chrome-trace-event | 1.0.2 | 间接依赖 | npm |
| typedarray | 0.0.6 | 间接依赖 | npm |
| enhanced-resolve | 4.5.0 | 间接依赖 | npm |
| ms | 2.1.3 | 间接依赖 | npm |
| setup | 间接依赖 | pip | |
| is-plain-obj | 1.1.0 | 间接依赖 | npm |
| querystringify | 2.1.1 | 间接依赖 | npm |
| d3-quadtree | 1.0.7 | 间接依赖 | npm |
| kdbush | 3.0.0 | 间接依赖 | npm |
| crypto | 1.0.1 | 直接依赖 | npm |
| is-boolean-object | 1.1.0 | 间接依赖 | npm |
| is-symbol | 1.0.3 | 间接依赖 | npm |
| pyshp | 2.1.3 | 间接依赖 | pip |
| @webassemblyjs/wasm-edit | 1.11.1 | 间接依赖 | npm |
| levn | 0.3.0 | 间接依赖 | npm |
| core-util-is | 1.0.2 | 间接依赖 | npm |
| big.js | 5.2.2 | 间接依赖 | npm |
| has-bigints | 1.0.1 | 间接依赖 | npm |
| color-rgba | 2.1.1 | 间接依赖 | npm |
| data-urls | 2.0.0 | 直接依赖 | npm |
| @discoveryjs/json-ext | 0.5.2 | 间接依赖 | npm |
| v8-compile-cache | 2.3.0 | 间接依赖 | npm |
| find-cache-dir | 3.3.1 | 间接依赖 | npm |
| resolve | 1.22.1 | 间接依赖 | npm |
| css-font | 1.2.0 | 间接依赖 | npm |
| fast-json-stable-stringify | 2.1.0 | 间接依赖 | npm |
| performance-now | 2.1.0 | 间接依赖 | npm |
| almost-equal | 1.1.0 | 间接依赖 | npm |
| PlotlyNode | 间接依赖 | pip | |
| isexe | 2.0.0 | 间接依赖 | npm |
| quickselect | 2.0.0 | 间接依赖 | npm |
| country-regex | 1.1.0 | 间接依赖 | npm |
| ext | 1.7.0 | 间接依赖 | npm |
| events | 3.2.0 | 间接依赖 | npm |
| @webpack-cli/serve | 1.3.1 | 间接依赖 | npm |
| tapable | 1.1.3 | 间接依赖 | npm |
| minimist | 1.2.6 | 间接依赖 | npm |
| json5 | 2.2.3 | 间接依赖 | npm |
| d3-force | 1.2.1 | 间接依赖 | npm |
| init_figure | 间接依赖 | pip | |
| glsl-token-whitespace-trim | 1.0.0 | 间接依赖 | npm |
| pkg-dir | 4.2.0 | 间接依赖 | npm |
| glsl-token-depth | 1.1.2 | 间接依赖 | npm |
| minipass-collect | 1.0.2 | 间接依赖 | npm |
| duplexify | 3.7.1 | 间接依赖 | npm |
| plotly | 5.18.0 | 间接依赖 | pip |
| gl-text | 1.3.1 | 间接依赖 | npm |
| parse-json | 4.0.0 | 间接依赖 | npm |
| _plotly_utils | 间接依赖 | pip | |
| geopandas | 0.9.0 | 间接依赖 | pip |
| p-try | 2.2.0 | 直接依赖 | npm |
| @webpack-cli/configtest | 1.0.2 | 间接依赖 | npm |
| @jupyterlab/observables | 4.0.6 | 间接依赖 | npm |
| ensure_writable_plotly_dir | 间接依赖 | pip | |
| @jupyterlab/rendermime-interfaces | 3.0.6 | 直接依赖 | npm |
| @types/webpack-sources | 0.1.9 | 间接依赖 | npm |
| @mapbox/whoots-js | 3.1.0 | 间接依赖 | npm |
| regl | 2.1.2 | 间接依赖 | npm |
| esprima | 4.0.1 | 间接依赖 | npm |
| font-measure | 1.2.2 | 间接依赖 | npm |
| debug | 3.2.7 | 间接依赖 | npm |
| regl-scatter2d | 3.2.9 | 间接依赖 | npm |
| ajv-keywords | 3.5.2 | 间接依赖 | npm |
| source-list-map | 2.0.1 | 间接依赖 | npm |
| @mapbox/unitbezier | 0.0.0 | 间接依赖 | npm |
| gl-util | 3.1.3 | 间接依赖 | npm |
| isobject | 3.0.1 | 间接依赖 | npm |
| d3-interpolate | 3.0.1 | 间接依赖 | npm |
| topojson-client | 3.1.0 | 间接依赖 | npm |
| requires-port | 1.0.0 | 间接依赖 | npm |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| is-core-module | 2.11.0 | 间接依赖 | npm |
| glob-to-regexp | 0.4.1 | 间接依赖 | npm |
| jsonfile | 4.0.0 | 间接依赖 | npm |
| p-limit | 3.1.0 | 间接依赖 | npm |
| spdx-exceptions | 2.3.0 | 间接依赖 | npm |
| _cmp_partial_dict | 间接依赖 | pip | |
| quartile | 间接依赖 | pip | |
| @lumino/polling | 1.3.3 | 间接依赖 | npm |
| shallow-clone | 3.0.1 | 间接依赖 | npm |
| ws | 7.4.6 | 间接依赖 | npm |
| @plotly/d3-sankey-circular | 0.33.1 | 间接依赖 | npm |
| @mapbox/geojson-types | 1.0.2 | 间接依赖 | npm |
| object-keys | 1.1.1 | 间接依赖 | npm |
| @types/d3 | 3.5.44 | 间接依赖 | npm |
| d | 1.0.1 | 间接依赖 | npm |
| ipykernel | 5.5.3 | 间接依赖 | pip |
| @lumino/collections | 1.9.3 | 间接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| pytest | 6.2.3 | 间接依赖 | pip |
| is-browser | 2.1.0 | 间接依赖 | npm |
| murmurhash-js | 1.0.0 | 间接依赖 | npm |
| jinja2 | 3.1 | 间接依赖 | pip |
| minipass-flush | 1.0.5 | 间接依赖 | npm |
| mumath | 3.3.4 | 间接依赖 | npm |
| falafel | 2.2.5 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| build_datatype_py | 间接依赖 | pip | |
| braces | 3.0.2 | 间接依赖 | npm |
| is-arrayish | 0.2.1 | 间接依赖 | npm |
| @jupyter-widgets/base | 4.0.0 | 直接依赖 | npm |
| color-name | 1.1.4 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| floor | 间接依赖 | pip | |
| @webassemblyjs/leb128 | 1.11.1 | 间接依赖 | npm |
| hosted-git-info | 2.8.9 | 间接依赖 | npm |
| fastest-levenshtein | 1.0.12 | 间接依赖 | npm |
| postcss-modules-extract-imports | 3.0.0 | 间接依赖 | npm |
| webpack | 5.75.0 | 间接依赖 | npm |
| @lumino/widgets | 1.37.1 | 间接依赖 | npm |
| array-normalize | 1.1.4 | 间接依赖 | npm |
| ssri | 8.0.1 | 间接依赖 | npm |
| get-canvas-context | 1.0.2 | 间接依赖 | npm |
| d3-hierarchy | 1.1.9 | 间接依赖 | npm |
| micromatch | 4.0.5 | 间接依赖 | npm |
| sphinx | 3.5.4 | 间接依赖 | pip |
| object-assign | 4.1.1 | 间接依赖 | npm |
| @webassemblyjs/wasm-gen | 1.11.1 | 间接依赖 | npm |
| color-id | 1.1.0 | 间接依赖 | npm |
| @turf/area | 6.5.0 | 间接依赖 | npm |
| semver | 5.7.1 | 间接依赖 | npm |
| acorn | 7.4.1 | 间接依赖 | npm |
| jest-worker | 26.6.2 | 间接依赖 | npm |
| tinycolor2 | 1.5.2 | 间接依赖 | npm |
| gl-mat4 | 1.2.0 | 间接依赖 | npm |
| Shapely | 1.7.1 | 间接依赖 | pip |
| namedtuple | 间接依赖 | pip | |
| get-intrinsic | 1.1.1 | 间接依赖 | npm |
| universalify | 0.1.2 | 间接依赖 | npm |
| merge-stream | 2.0.0 | 间接依赖 | npm |
| css-font-stretch-keywords | 1.0.1 | 间接依赖 | npm |
| spdx-expression-parse | 3.0.1 | 间接依赖 | npm |
| grid-index | 1.1.0 | 间接依赖 | npm |
| @turf/bbox | 6.5.0 | 间接依赖 | npm |
| xtend | 4.0.2 | 间接依赖 | npm |
| string.prototype.trimend | 1.0.4 | 间接依赖 | npm |
| watchpack | 2.4.0 | 间接依赖 | npm |
| deepcopy | 间接依赖 | pip | |
| mouse-event | 1.0.5 | 间接依赖 | npm |
| is-bigint | 1.0.1 | 间接依赖 | npm |
| mime-types | 2.1.35 | 间接依赖 | npm |
| resolve-from | 5.0.0 | 间接依赖 | npm |
| is-iexplorer | 1.0.0 | 间接依赖 | npm |
| @types/estree | 0.0.51 | 间接依赖 | npm |
| PLOTLY_DIR | 间接依赖 | pip | |
| wildcard | 2.0.0 | 间接依赖 | npm |
| @types/backbone | 1.4.10 | 间接依赖 | npm |
| object-inspect | 1.9.0 | 间接依赖 | npm |
| earcut | 2.2.4 | 间接依赖 | npm |
| spdx-correct | 3.1.1 | 间接依赖 | npm |
| object.assign | 4.1.2 | 间接依赖 | npm |
| d3-shape | 1.3.7 | 间接依赖 | npm |
| canvas-fit | 1.5.0 | 间接依赖 | npm |
| source-map-loader | 1.1.3 | 间接依赖 | npm |
| array-bounds | 1.0.1 | 间接依赖 | npm |
| Bar | 间接依赖 | pip | |
| path-type | 3.0.0 | 间接依赖 | npm |
| parse-svg-path | 0.1.2 | 间接依赖 | npm |
| jupyter-client | 7 | 间接依赖 | pip |
| shebang-regex | 1.0.0 | 间接依赖 | npm |
| @lumino/coreutils | 1.12.1 | 间接依赖 | npm |
| @lumino/application | 1.31.3 | 间接依赖 | npm |
| spdx-license-ids | 3.0.5 | 间接依赖 | npm |
| flatten-vertex-data | 1.0.2 | 间接依赖 | npm |
| nice-try | 1.0.5 | 间接依赖 | npm |
| pick-by-alias | 1.2.0 | 间接依赖 | npm |
| esutils | 2.0.3 | 间接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| resolve-protobuf-schema | 2.1.0 | 间接依赖 | npm |
| binary-search-bounds | 2.0.5 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| moment | 2.29.4 | 间接依赖 | npm |
| webpack-merge | 5.7.3 | 间接依赖 | npm |
| validate-npm-package-license | 3.0.4 | 间接依赖 | npm |
| exceptions | 间接依赖 | pip | |
| enquirer | 2.3.6 | 间接依赖 | npm |
| minizlib | 2.1.2 | 间接依赖 | npm |
| cacache | 15.0.6 | 间接依赖 | npm |
| patsy | 0.5.1 | 间接依赖 | pip |
| @lumino/keyboard | 1.8.2 | 间接依赖 | npm |
| pidtree | 0.3.1 | 间接依赖 | npm |
| @lumino/messaging | 1.10.3 | 间接依赖 | npm |
| clone-deep | 4.0.1 | 间接依赖 | npm |
| string.prototype.padend | 3.1.2 | 间接依赖 | npm |
| @lumino/signaling | 1.11.1 | 间接依赖 | npm |
| lodash.merge | 4.6.2 | 间接依赖 | npm |
| ieee754 | 1.2.1 | 间接依赖 | npm |
| black | 22.3.0 | 间接依赖 | pip |
| pify | 3.0.0 | 间接依赖 | npm |
| tenacity | 6.2.0 | 间接依赖 | pip |
| source-map | 0.6.1 | 间接依赖 | npm |
| @webassemblyjs/helper-api-error | 1.11.1 | 间接依赖 | npm |
| color-normalize | 1.5.0 | 间接依赖 | npm |
| prr | 1.0.1 | 间接依赖 | npm |
| write_datatype_py | 间接依赖 | pip | |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| @plotly/d3-sankey | 0.7.2 | 间接依赖 | npm |
| es6-weak-map | 2.0.3 | 间接依赖 | npm |
| json-schema-traverse | 0.4.1 | 间接依赖 | npm |
| mimic-fn | 2.1.0 | 间接依赖 | npm |
| retrying | 1.3.3 | 间接依赖 | pip |
| decorator | 4.0.9 | 间接依赖 | pip |
| ansi-colors | 4.1.1 | 间接依赖 | npm |
| style-loader | 1.3.0 | 间接依赖 | npm |
| @webassemblyjs/wasm-opt | 1.11.1 | 间接依赖 | npm |
| coverage | 4.3.1 | 间接依赖 | pip |
| @xtuc/long | 4.2.2 | 间接依赖 | npm |
| @types/jquery | 3.5.5 | 间接依赖 | npm |
| stack-trace | 0.0.9 | 间接依赖 | npm |
| @mapbox/point-geometry | 0.1.0 | 间接依赖 | npm |
| vt-pbf | 3.1.3 | 间接依赖 | npm |
| es6-symbol | 3.1.3 | 间接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.14 | 间接依赖 | npm |
| SubplotDomain | 间接依赖 | pip | |
| through2 | 2.0.5 | 间接依赖 | npm |
| plotly_cdn_url | 间接依赖 | pip | |
| nbconvert | 5.6.1 | 间接依赖 | pip |
| css-font-weight-keywords | 1.0.0 | 间接依赖 | npm |
| scipy | 1.6.2 | 间接依赖 | pip |
| node-releases | 1.1.71 | 间接依赖 | npm |
| parse-unit | 1.0.1 | 间接依赖 | npm |
| glsl-token-inject-block | 1.1.0 | 间接依赖 | npm |
| isarray | 1.0.0 | 间接依赖 | npm |
| @lumino/disposable | 1.10.4 | 间接依赖 | npm |
| webgl-context | 2.2.0 | 间接依赖 | npm |
| make-dir | 3.1.0 | 间接依赖 | npm |
| mapbox-gl | 1.10.1 | 间接依赖 | npm |
| cross-spawn | 6.0.5 | 间接依赖 | npm |
| from2 | 2.3.0 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| update-diff | 1.1.0 | 间接依赖 | npm |
| glsl-resolve | 0.0.1 | 间接依赖 | npm |
| terser-webpack-plugin | 4.2.3 | 间接依赖 | npm |
| build_dataframe | 间接依赖 | pip | |
| utils | 间接依赖 | pip | |
| commondir | 1.0.1 | 间接依赖 | npm |
| is-callable | 1.2.3 | 间接依赖 | npm |
| fs-minipass | 2.1.0 | 间接依赖 | npm |
| neo-async | 2.6.2 | 间接依赖 | npm |
| d3-format | 1.4.5 | 间接依赖 | npm |
| strip-final-newline | 2.0.0 | 间接依赖 | npm |
| d3-collection | 1.0.7 | 间接依赖 | npm |
| @webassemblyjs/wasm-parser | 1.11.1 | 间接依赖 | npm |
| glslify-bundle | 5.1.1 | 间接依赖 | npm |
| regl-line2d | 3.1.2 | 间接依赖 | npm |
| @types/source-list-map | 0.1.2 | 间接依赖 | npm |
| _plotly_future_ | 间接依赖 | pip | |
| tr46 | 0.0.3 | 间接依赖 | npm |
| glslify | 7.1.1 | 间接依赖 | npm |
| duplicate-package-checker-webpack-plugin | 3.0.0 | 间接依赖 | npm |
| webidl-conversions | 3.0.1 | 间接依赖 | npm |
| log | 间接依赖 | pip | |
| process | 0.11.10 | 间接依赖 | npm |
| glsl-tokenizer | 2.1.5 | 间接依赖 | npm |
| mini-css-extract-plugin | 1.3.9 | 间接依赖 | npm |
| serialize-javascript | 5.0.1 | 间接依赖 | npm |
| detect-kerning | 2.1.2 | 间接依赖 | npm |
| supercluster | 7.1.5 | 间接依赖 | npm |
| pandas | 2.0.2 | 间接依赖 | pip |
| weak-map | 1.0.8 | 间接依赖 | npm |
| FullFakeRenderer | 间接依赖 | pip | |
| @mapbox/tiny-sdf | 1.2.5 | 间接依赖 | npm |
| word-wrap | 1.2.3 | 间接依赖 | npm |
| validate_coerce_output_type | 间接依赖 | pip | |
| @jupyterlab/coreutils | 5.0.6 | 间接依赖 | npm |
| Unicode | 间接依赖 | pip | |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| @webassemblyjs/helper-wasm-section | 1.11.1 | 间接依赖 | npm |
| signal-exit | 3.0.3 | 间接依赖 | npm |
| rechoir | 0.7.0 | 间接依赖 | npm |
| @webassemblyjs/ieee754 | 1.11.1 | 间接依赖 | npm |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| emojis-list | 3.0.0 | 间接依赖 | npm |
| strongly-connected-components | 1.0.1 | 间接依赖 | npm |
| yocto-queue | 0.1.0 | 间接依赖 | npm |
| compare_dict | 间接依赖 | pip | |
| deep-is | 0.1.4 | 间接依赖 | npm |
| sax | 1.2.4 | 间接依赖 | npm |
| superscript-text | 1.0.0 | 间接依赖 | npm |
| color-convert | 1.9.3 | 间接依赖 | npm |
| string_decoder | 1.1.1 | 间接依赖 | npm |
| indent-string | 4.0.0 | 间接依赖 | npm |
| strip_dict_params | 间接依赖 | pip | |
| string-split-by | 1.0.0 | 间接依赖 | npm |
| type-check | 0.3.2 | 间接依赖 | npm |
| @types/eslint-scope | 3.7.4 | 间接依赖 | npm |
| is-number-object | 1.0.4 | 间接依赖 | npm |
| webpack-cli | 4.6.0 | 间接依赖 | npm |
| commander | 2.20.3 | 间接依赖 | npm |
| @webassemblyjs/ast | 1.11.1 | 间接依赖 | npm |
| parenthesis | 3.1.8 | 间接依赖 | npm |
| probe-image-size | 7.2.3 | 间接依赖 | npm |
| elementary-circuits-directed-graph | 1.3.1 | 间接依赖 | npm |
| _is_col_list | 间接依赖 | pip | |
| type_str | 间接依赖 | pip | |
| error-ex | 1.3.2 | 间接依赖 | npm |
| Scatter | 间接依赖 | pip | |
| concat-map | 0.0.1 | 间接依赖 | npm |
| whatwg-mimetype | 2.3.0 | 间接依赖 | npm |
| gl-matrix | 3.4.3 | 间接依赖 | npm |
| map-limit | 0.0.1 | 间接依赖 | npm |
| clamp | 1.0.1 | 间接依赖 | npm |
| eslint-scope | 5.1.1 | 间接依赖 | npm |
| d3-color | 3.1.0 | 间接依赖 | npm |
| is-finite | 1.1.0 | 间接依赖 | npm |
| css-loader | 5.2.6 | 间接依赖 | npm |
| es5-ext | 0.10.62 | 间接依赖 | npm |
| is-firefox | 1.0.3 | 间接依赖 | npm |
| has-passive-events | 1.0.0 | 间接依赖 | npm |
| browserslist | 4.16.6 | 间接依赖 | npm |
| geojson-vt | 3.2.1 | 间接依赖 | npm |
| @webassemblyjs/helper-numbers | 1.11.1 | 间接依赖 | npm |
| @mapbox/mapbox-gl-supported | 1.5.0 | 间接依赖 | npm |
| point-in-polygon | 1.1.0 | 间接依赖 | npm |
| indexes-of | 1.0.1 | 间接依赖 | npm |
| orjson | 3.8.12 | 间接依赖 | pip |
| es-module-lexer | 0.9.3 | 间接依赖 | npm |
| nose | 1.3.7 | 间接依赖 | pip |
| buffer-from | 1.1.1 | 间接依赖 | npm |
| shell-quote | 1.7.3 | 间接依赖 | npm |
| draw-svg-path | 1.0.0 | 间接依赖 | npm |
| jupytext | 1.1.1 | 间接依赖 | pip |
| jupyter | 1.0.0 | 间接依赖 | pip |
| url-loader | 4.1.1 | 间接依赖 | npm |
| packaging | 间接依赖 | pip | |
| node-fetch | 2.6.7 | 间接依赖 | npm |
| is-stream | 2.0.0 | 间接依赖 | npm |
| d3-time | 1.1.0 | 间接依赖 | npm |
| plotly.js | 2.27.0 | 直接依赖 | npm |
| @plotly/point-cluster | 3.1.9 | 间接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| setuptools | 39.2.0 | 间接依赖 | pip |
| tinyqueue | 2.0.3 | 间接依赖 | npm |
| import-local | 3.0.2 | 间接依赖 | npm |
| shebang-command | 1.2.0 | 间接依赖 | npm |
| defined | 1.0.1 | 间接依赖 | npm |
| @jridgewell/resolve-uri | 3.1.0 | 间接依赖 | npm |
| esrecurse | 4.3.0 | 间接依赖 | npm |
| json-parse-better-errors | 1.0.2 | 间接依赖 | npm |
| glsl-token-defines | 1.0.0 | 间接依赖 | npm |
| locate-path | 5.0.0 | 间接依赖 | npm |
| resolve-cwd | 3.0.0 | 间接依赖 | npm |
| urlparse | 间接依赖 | pip | |
| cssesc | 3.0.0 | 间接依赖 | npm |
| pytz | 2021.1 | 间接依赖 | pip |
| hsluv | 0.0.3 | 间接依赖 | npm |
| d3-array | 1.2.4 | 间接依赖 | npm |
| chart_studio | 间接依赖 | pip | |
| define-properties | 1.1.3 | 间接依赖 | npm |
| parse-rect | 1.2.0 | 间接依赖 | npm |
| dtype | 2.0.0 | 间接依赖 | npm |
| base64-js | 1.5.1 | 间接依赖 | npm |
| prelude-ls | 1.1.2 | 间接依赖 | npm |
| graceful-fs | 4.2.10 | 间接依赖 | npm |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| supports-color | 7.2.0 | 间接依赖 | npm |
| which-boxed-primitive | 1.0.2 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| source-map-js | 0.6.2 | 间接依赖 | npm |
| memorystream | 0.3.1 | 间接依赖 | npm |
| license-webpack-plugin | 2.3.21 | 间接依赖 | npm |
| backbone | 1.2.3 | 间接依赖 | npm |
| TraceNode | 间接依赖 | pip | |
| mouse-wheel | 1.2.0 | 间接依赖 | npm |
| session | 间接依赖 | pip | |
| font-atlas | 2.1.0 | 间接依赖 | npm |
| d3-geo | 1.12.1 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| fast-levenshtein | 2.0.6 | 间接依赖 | npm |
| right-now | 1.0.0 | 间接依赖 | npm |
| world-calendars | 1.0.3 | 间接依赖 | npm |
| to-string-loader | 1.1.6 | 间接依赖 | npm |
| stream-shift | 1.0.1 | 间接依赖 | npm |
| element-size | 1.1.1 | 间接依赖 | npm |
| fast-isnumeric | 1.1.4 | 间接依赖 | npm |
| @mapbox/vector-tile | 1.3.1 | 间接依赖 | npm |
| umap-learn | 0.5.1 | 间接依赖 | pip |
| unbox-primitive | 1.0.1 | 间接依赖 | npm |
| has-flag | 4.0.0 | 间接依赖 | npm |
| d3-time-format | 2.3.0 | 间接依赖 | npm |
| path-browserify | 1.0.1 | 间接依赖 | npm |
| regl-error2d | 2.0.12 | 间接依赖 | npm |
| mkdirp | 0.5.5 | 间接依赖 | npm |
| whatwg-url | 5.0.0 | 间接依赖 | npm |
| math-log2 | 1.0.1 | 间接依赖 | npm |
| concat-stream | 1.6.2 | 间接依赖 | npm |
| imurmurhash | 0.1.4 | 间接依赖 | npm |
| postcss-selector-parser | 6.0.4 | 间接依赖 | npm |
| @jupyterlab/translation | 3.0.9 | 间接依赖 | npm |
| polybooljs | 1.2.0 | 间接依赖 | npm |
| css-font-size-keywords | 1.0.0 | 间接依赖 | npm |
| execa | 5.0.0 | 间接依赖 | npm |
| punycode | 2.1.1 | 间接依赖 | npm |
| is-negative-zero | 2.0.1 | 间接依赖 | npm |
| estraverse | 4.3.0 | 间接依赖 | npm |
| bit-twiddle | 1.0.2 | 间接依赖 | npm |
| minipass-pipeline | 1.2.4 | 间接依赖 | npm |
| is-obj | 1.0.1 | 间接依赖 | npm |
| glsl-token-string | 1.0.1 | 间接依赖 | npm |
| __getattr__ | 间接依赖 | pip | |
| call-bind | 1.0.2 | 间接依赖 | npm |
| find-up | 4.1.0 | 间接依赖 | npm |
| psutil | 5.7.0 | 间接依赖 | pip |
| optionator | 0.8.3 | 间接依赖 | npm |
| unquote | 间接依赖 | pip | |
| function-bind | 1.1.1 | 间接依赖 | npm |
| svg-arc-to-cubic-bezier | 3.2.0 | 直接依赖 | npm |
| color-parse | 1.3.8 | 间接依赖 | npm |
| memory-fs | 0.5.0 | 间接依赖 | npm |
| requests | 2.25.1 | 间接依赖 | pip |
| is-svg-path | 1.0.2 | 间接依赖 | npm |
| matplotlib | 3.8.0 | 间接依赖 | pip |
| type | 1.2.0 | 间接依赖 | npm |
| postcss-value-parser | 4.1.0 | 间接依赖 | npm |
| @webassemblyjs/floating-point-hex-parser | 1.11.1 | 间接依赖 | npm |
| shapely | 1.7.0 | 间接依赖 | pip |
| files | 间接依赖 | pip | |
| @mapbox/geojson-rewind | 0.5.2 | 间接依赖 | npm |
| minimatch | 3.1.2 | 间接依赖 | npm |
| normalize-svg-path | 0.1.0 | 间接依赖 | npm |
| pillow | 6.2.0 | 间接依赖 | pip |
| which | 1.3.1 | 间接依赖 | npm |
| List | 间接依赖 | pip | |
| url-parse | 1.5.10 | 间接依赖 | npm |
| raf | 3.4.1 | 间接依赖 | npm |
| path-key | 2.0.1 | 间接依赖 | npm |
| static-eval | 2.1.0 | 间接依赖 | npm |
| pbf | 3.2.1 | 间接依赖 | npm |
| native-promise-only | 0.8.1 | 间接依赖 | npm |
| @lumino/dragdrop | 1.14.4 | 间接依赖 | npm |
| @webpack-cli/info | 1.2.3 | 间接依赖 | npm |
| regl-splom | 1.0.14 | 间接依赖 | npm |
| aggregate-error | 3.1.0 | 间接依赖 | npm |
| postcss-modules-local-by-default | 4.0.0 | 间接依赖 | npm |
| es-abstract | 1.18.0 | 间接依赖 | npm |
| strip-bom | 3.0.0 | 间接依赖 | npm |
| glsl-token-properties | 1.0.1 | 间接依赖 | npm |
| safe-buffer | 5.2.1 | 间接依赖 | npm |
| @jupyterlab/statedb | 3.0.6 | 间接依赖 | npm |
| css-system-font-keywords | 1.0.0 | 间接依赖 | npm |
| promise-inflight | 1.0.1 | 间接依赖 | npm |
| @types/underscore | 1.11.1 | 间接依赖 | npm |
| randombytes | 2.1.0 | 间接依赖 | npm |
| read-pkg | 3.0.0 | 间接依赖 | npm |
| npm-run-all | 4.1.5 | 直接依赖 | npm |
| @types/eslint | 8.4.10 | 间接依赖 | npm |
| uri-js | 4.2.2 | 间接依赖 | npm |
| interpret | 2.2.0 | 间接依赖 | npm |
| ipywidgets | 8.0.2 | 间接依赖 | pip |
| rimraf | 2.7.1 | 间接依赖 | npm |
| fill-range | 7.0.1 | 间接依赖 | npm |
| combinations | 间接依赖 | pip | |
| protocol-buffers-schema | 3.6.0 | 间接依赖 | npm |
| underscore | 1.12.1 | 间接依赖 | npm |
| jquery | 3.6.0 | 间接依赖 | npm |
| is-date-object | 1.0.2 | 间接依赖 | npm |
| Pillow | 8.2.0 | 间接依赖 | pip |
| _check_figure_layout_objects | 间接依赖 | pip | |
| FakeRenderer | 间接依赖 | pip | |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| get_by_path | 间接依赖 | pip | |
| write_source_py | 间接依赖 | pip | |
| backports.tempfile | 1.0 | 间接依赖 | pip |
| dup | 1.0.0 | 间接依赖 | npm |
| xarray | 0.17.0 | 间接依赖 | pip |
| inflight | 1.0.6 | 间接依赖 | npm |
| product | 间接依赖 | pip | |
| @jupyterlab/builder | 3.6.1 | 直接依赖 | npm |
| loader-runner | 4.2.0 | 间接依赖 | npm |
| mouse-change | 1.4.0 | 间接依赖 | npm |
| uniq | 1.0.1 | 间接依赖 | npm |
| @jupyterlab/nbformat | 3.0.6 | 间接依赖 | npm |
| @turf/helpers | 6.5.0 | 间接依赖 | npm |
| abs-svg-path | 0.1.1 | 间接依赖 | npm |
| @webassemblyjs/helper-wasm-bytecode | 1.11.1 | 间接依赖 | npm |
| validate_coerce_fig_to_dict | 间接依赖 | pip | |
| errno | 0.1.8 | 间接依赖 | npm |
| clean-stack | 2.2.0 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| raw-loader | 4.0.2 | 间接依赖 | npm |
| cufflinks | 0.17.3 | 间接依赖 | pip |
| csscolorparser | 1.0.3 | 间接依赖 | npm |
| glsl-token-descope | 1.0.2 | 间接依赖 | npm |
| to-float32 | 1.1.0 | 间接依赖 | npm |
| loader-utils | 1.4.2 | 间接依赖 | npm |
| node_generator | 间接依赖 | pip | |
| @xtuc/ieee754 | 1.2.0 | 间接依赖 | npm |
| is-mobile | 4.0.0 | 间接依赖 | npm |
| abab | 2.0.5 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.14 | 间接依赖 | npm |
| postcss-modules-scope | 3.0.0 | 间接依赖 | npm |
| glob | 7.1.6 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| @plotly/d3 | 3.8.1 | 间接依赖 | npm |
| apply_default_cascade | 间接依赖 | pip | |
| bitmap-sdf | 1.0.4 | 间接依赖 | npm |
| escodegen | 1.14.3 | 间接依赖 | npm |
| potpack | 1.0.2 | 间接依赖 | npm |
| at-least-node | 1.0.0 | 直接依赖 | npm |
| shallow-copy | 0.0.1 | 间接依赖 | npm |
| chownr | 2.0.0 | 间接依赖 | npm |
| svg-url-loader | 6.0.0 | 间接依赖 | npm |
| scikit-image | 0.18.1 | 间接依赖 | pip |
| @lumino/domutils | 1.8.2 | 间接依赖 | npm |
| normalize-package-data | 2.5.0 | 间接依赖 | npm |
| @types/sizzle | 2.3.2 | 间接依赖 | npm |
| @turf/meta | 6.5.0 | 间接依赖 | npm |
| svg-path-sdf | 1.1.3 | 间接依赖 | npm |
| worker-loader | 3.0.8 | 间接依赖 | npm |
| human-signals | 2.1.0 | 间接依赖 | npm |
| array-range | 1.0.1 | 间接依赖 | npm |
| unique-filename | 1.1.1 | 间接依赖 | npm |
| ajv | 6.12.6 | 间接依赖 | npm |
| @jridgewell/source-map | 0.3.2 | 间接依赖 | npm |
| glsl-token-scope | 1.1.2 | 间接依赖 | npm |
| d3-dispatch | 1.0.6 | 间接依赖 | npm |
| onetime | 5.1.2 | 间接依赖 | npm |
| @webassemblyjs/helper-buffer | 1.11.1 | 间接依赖 | npm |
| svg-path-bounds | 1.0.2 | 间接依赖 | npm |
| string.prototype.trimstart | 1.0.4 | 间接依赖 | npm |
| d3-geo-projection | 2.9.0 | 间接依赖 | npm |
| InfoArrayValidator | 间接依赖 | pip | |
| @types/node | 14.14.37 | 间接依赖 | npm |
| mouse-event-offset | 3.0.2 | 间接依赖 | npm |
| icss-utils | 5.1.0 | 间接依赖 | npm |
| d3-path | 1.0.9 | 间接依赖 | npm |
| fs-extra | 7.0.1 | 间接依赖 | npm |
| @lumino/commands | 1.21.1 | 间接依赖 | npm |
| tar | 6.1.11 | 间接依赖 | npm |