updates for 2026

[mathematicalmichael]

lets bring this back to life.

Changes Summary

This document summarizes the changes made to HiPlot in the patch/fixes branch.

Build & Packaging

Modern pyproject.toml Configuration

Migrated from setup.py to pyproject.toml for modern Python packaging.

Dependencies are now optional:

• pip install hiplot-mm - Core functionality only (beautifulsoup4, jinja2)
• pip install hiplot-mm[server] - Web server support (flask, flask-compress)
• pip install hiplot-mm[notebook] - Jupyter notebook support (ipython, ipykernel)
• pip install hiplot-mm[streamlit] - Streamlit support (streamlit)
• pip install hiplot-mm[all] - All optional dependencies
• pip install hiplot-mm[dev] - Development dependencies

Files modified:

• pyproject.toml - New canonical configuration file
• setup.py - Simplified to minimal shim for backwards compatibility
• hiplot/ipython.py - Made IPython/ipykernel imports lazy with helpful error messages
• hiplot/server.py - Added helpful error message when flask is not installed
• hiplot/streamlit_helpers.py - Improved error handling for missing streamlit
• MANIFEST.in - Added pyproject.toml

Dynamic Version from Package Metadata

hiplot.__version__ now reads from installed package metadata (populated from pyproject.toml), ensuring version consistency.

Files modified:

• hiplot/pkginfo.py - Uses importlib.metadata.version() to get version dynamically

Features

Restore Hidden Columns Button

Added a button to restore columns that have been dragged off the parallel plot. The button:

• Appears in the header toolbar alongside Restore/Keep/Exclude/Refresh/Export/Help
• Only shows when there are hidden columns that can be restored
• Updates immediately when columns are hidden or restored (no page refresh needed)
• Flows properly with flex-wrap at all viewport sizes

Files modified:

• src/header.tsx - Added restorableColumnsCount and onRestoreColumns props, renders button inline with other header buttons
• src/component.tsx - Added restorableColumnsCount state, onHiddenColumnsChange callback, and methods getRestorableColumnsCount() and restoreAllColumns() to communicate with ParallelPlot
• src/parallel/parallel.tsx - Added onHiddenColumnsChange callback prop, notifies parent when hide or dimensions state changes

Natural Sort for Categorical Columns

Categorical columns now sort values using natural sort order, so numeric strings sort correctly (1, 2, 3, 10, 11) instead of alphabetically (1, 10, 11, 2, 3).

Files modified:

• src/lib/d3_scales.ts - Added naturalSortComparator() function and applied it to d3_scale_categorical()

UI Improvements

Bold Axis Labels

Axis labels in the parallel plot are now bold for better readability.

Files modified:

• src/hiplot.scss - Added font-weight: bold to .axisLabelText

Margin Above Parallel Plot

Added a small margin between the header and the parallel plot to prevent axis labels from having a hard boundary with the header area.

Files modified:

• src/parallel/parallel.scss - Added margin-top: 8px to .parallel-plot-chart

Fixed Horizontal Scrollbar on Page Load

Fixed a brief horizontal scrollbar that appeared on hard refresh before the layout settled.

Files modified:

• src/hiplot.scss - Added overflow-x: hidden to .hiplot container

Simplified Tutorial

Removed the welcome/info page from the tutorial. The tutorial now starts directly at "Step 1/4: The Parallel Plot" instead of showing package information first.

Files modified:

• src/tutorial/tutorial.tsx - Removed StepHiPlotInfo from the steps array

Context Menu and Tooltip Positioning Fix

Fixed context menus and tooltips being cut off when interacting with rightmost axis labels.

Context menu:

• Now automatically repositions to stay within viewport bounds
• Checks both right and bottom edge overflow after content is rendered
• Menu appears fully visible on the left side when near right edge

Tooltip:

• Axis label tooltips now flip to the left side when near the right edge
• Prevents text from being cut off or awkwardly wrapped

Files modified:

• src/contextmenu.tsx - Added viewport boundary checking in componentDidUpdate() using requestAnimationFrame to reposition after content renders
• src/lib/svghelpers.ts - Updated foDynamicSizeFitContent() to detect right edge proximity and flip tooltip position

Mobile Support (Long-Press for Context Menu)

Added touch event support for mobile devices to access axis context menus.

Features:

• Long-press (500ms) on axis labels triggers the context menu on touch devices
• Tooltip text updated to "long-press" instead of "right click" for mobile-friendly instructions
• Touch events properly cancelled if user moves finger or releases early

Files modified:

• src/lib/svghelpers.ts - Added touchstart, touchend, touchcancel, touchmove event handlers in foCreateAxisLabel()

Security Updates

NPM Package Security Fixes

Updated packages to address security vulnerabilities. Reduced from 17 vulnerabilities (1 critical, 6 high) to 2 low-severity issues.

Critical/High fixes:

• @babel/traverse - Fixed arbitrary code execution vulnerability
• semver - Fixed ReDoS vulnerability
• braces - Fixed resource exhaustion vulnerability
• cross-spawn - Fixed ReDoS vulnerability
• json5 - Fixed prototype pollution vulnerability
• ws - Fixed DoS vulnerability
• webpack - Fixed XSS vulnerability
• postcss - Fixed ReDoS and line parsing vulnerabilities
• micromatch - Fixed ReDoS vulnerability
• lodash - Fixed prototype pollution vulnerability

Remaining (low severity, dev-only):

• tmp - symlink vulnerability in es-check's deep dependencies
• brace-expansion - ReDoS in minimatch (used by npm-run-all, glob)

Files modified:

• package.json - Updated dependencies and added overrides section to force secure versions of transitive dependencies
• bun.lock - Updated lockfile with new package versions

[mathematicalmichael]

Fixes for Mobile Usability

1. src/lib/browsercompat.ts - Fixed scroll event handling for mobile

• Added IS_MOBILE detection
• Added scroll event listener on window for mobile Safari (touch scrolling)
• Added touchmove listener for smoother mobile experience
• Created throttled redrawAllForeignObjectsOnScroll() using requestAnimationFrame to avoid performance issues

2. src/parallel/parallel.tsx - Removed problematic position: fixed

• Removed the Safari workaround that set position: fixed on labels (line 726-728)
• This was causing labels to stay viewport-relative instead of following their parent SVG transforms during drag
• Added redrawAllForeignObjectsIfSafari() call at the end of drag operations to ensure labels settle correctly

3. src/parallel/parallel.scss - Added touch CSS for mobile drag

• Added touch-action: pan-y pinch-zoom on .pplotLabel to allow vertical scrolling
• Added touch-action: none on .label-name to let D3 drag handle touches

Test Results

All 4 mobile tests pass:

• Labels visible after loading ✓
• Labels remain visible after scrolling ✓
• Drag axis works correctly ✓
• Visual regression passes ✓

The test screenshots confirm labels now follow the axis during drag on mobile viewports.