✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

✅ PR preview is ready!

Summary

This PR adds two new parameters — hide_index and hide_header — to st.table(). Both accept bool | None:

• hide_index: When None (default), auto-hides the index if it's a default RangeIndex; shows custom indices. Explicit True/False overrides.
• hide_header: When None (default), auto-hides column headers for data formats without user-defined column names (dict, list, numpy, set, tuple, etc.). Explicit True/False overrides.

Changes span the full stack: protobuf schema (Table.proto), Python backend (table.py), React frontend (Table.tsx), and comprehensive tests (Python unit, frontend unit, and E2E with snapshots).

Code Quality

The implementation is clean and follows existing patterns well.

Backend (lib/streamlit/elements/table.py):

• _compute_hide_index and _compute_hide_header are well-structured module-level functions with proper docstrings, type annotations, and from __future__ import annotations.
• The _HIDE_HEADER_DATA_FORMATS set correctly identifies data formats without user-defined column names. The selection (KEY_VALUE_DICT, LIST_OF_ROWS, LIST_OF_VALUES, NUMPY_LIST, NUMPY_MATRIX, SET_OF_VALUES, TUPLE_OF_VALUES, PANDAS_ARRAY, PYARROW_ARRAY) is well-considered — formats with explicit column names (COLUMN_VALUE_MAPPING, LIST_OF_RECORDS, PANDAS_DATAFRAME, etc.) are correctly excluded.
• Smart avoidance of double DataFrame conversion via the converted_df parameter — the pre-converted DataFrame from is_unevaluated_data_object handling is reused in _compute_hide_index.
• Good handling of Styler objects by accessing data.data to inspect the underlying DataFrame's index.
• The data_format is determined before the unevaluated data conversion, which is correct since determine_data_format inspects the original input type.

Frontend (frontend/lib/src/components/elements/Table/Table.tsx):

• hideIndex and hideHeader are derived during render (not in effects), following React best practices per the AGENTS.md.
• Index columns are filtered at render time by returning null from map() in both generateTableHeader and generateTableRow — the underlying Quiver data is untouched.
• visibleNumColumns is correctly recalculated for the empty table cell's colSpan.
• Sticky header/index logic correctly accounts for hideHeader and hideIndex (e.g., enableStickyHeaders is false when hideHeader is true).

Protobuf (proto/streamlit/proto/Table.proto):

• Two new bool fields at field numbers 3 and 4 — clean additions, no conflicts.

Docstrings: The new parameter docstrings follow the NumPy style, use double backticks for inline code, and list options with bullet points — consistent with existing parameter documentation. The two new examples (4 and 5) are useful but lack .. output:: directives. This is minor since Example 3 also lacks one, so it's consistent within the file.

Test Coverage

Test coverage is thorough across all layers:

Python unit tests (lib/tests/streamlit/elements/table_test.py):

• Explicit True/False for both parameters (parameterized).
• Auto-hide logic for RangeIndex vs. custom index.
• Auto-hide logic for DataFrames vs. simple data formats (dict, list, nested list, numpy).
• Styler object support (with both RangeIndex and custom index).
• Explicit override of auto-hide behavior.
• Combined hide_index=True + hide_header=True.

Frontend unit tests (Table.test.tsx):

• Hide/show index columns with hideIndex true/false.
• Hide/show header row with hideHeader true/false.
• Anti-regression checks (data cells still present when index/header hidden; thead still present when hideHeader is false).

E2E tests (e2e_playwright/st_table_test.py):

• 10 scenario-specific tests with both behavioral assertions and visual snapshots.
• Covers: auto-hide RangeIndex, custom index shown, explicit true/false for both params, auto-hide for dict/list data, combined params, and MultiIndex with hide_index.

Minor observations on E2E tests:

• Per the E2E AGENTS.md guidance to "prefer a single aggregated scenario test over many micro-tests when they share the same setup and page state," the 10 separate test functions could be consolidated into 2–3 aggregated tests (e.g., one for hide_index scenarios, one for hide_header scenarios) to reduce browser loads. This is a style preference, though, and the current approach is clearer for debugging failures.
• Tests rely on nth() index-based access (indices 37–46), which is fragile if tables are added/removed earlier in the app. This is consistent with the existing test style in this file, but wrapping with st.container(key=...) would be more resilient.

Missing but optional test coverage:

• No typing test file (lib/tests/streamlit/typing/table_types.py) was added for the new parameters. This is pre-existing (there was none before), but would be valuable for catching typing regressions on the public API.
• No test for hide_index=True on an empty DataFrame (0 rows).

Backwards Compatibility

This is a behavioral breaking change for existing users. With the default None values:

1. Index auto-hide: Any st.table(df) where df has a default RangeIndex (the common case for most DataFrames) will now hide the index column. Previously, the numeric index (0, 1, 2, ...) was always visible.
2. Header auto-hide: Any st.table(dict_or_list) will now hide column headers. Previously, auto-generated headers like "0" were always visible.

This is reflected in the updated E2E snapshots — many existing numbered snapshots (st_table-0 through st_table-13, st_table-27 through st_table-37) were updated because the visual appearance changed.

Users can opt out with hide_index=False and/or hide_header=False. The change is labeled change:feature and impact:users, indicating it's intentional.

Wire protocol compatibility is preserved:

• Old frontends receiving new proto fields will ignore unknown fields (proto3 behavior) and continue showing everything.
• New frontends receiving old protos will see false for both bools (proto3 default), correctly showing index and headers.

Security & Risk

No security concerns identified. The changes are purely display-related:

• No user input is used in unsafe ways.
• No new endpoints or authentication changes.
• No filesystem or network operations added.

Regression risk is low-to-moderate:

• The auto-hide logic could produce unexpected behavior for edge-case data types not covered in tests (e.g., Polars DataFrames, Modin DataFrames, Snowpark DataFrames passed to _compute_hide_index). These go through the final convert_anything_to_pandas_df fallback path in _compute_hide_index, which should work correctly since the conversion produces a DataFrame with a RangeIndex by default.

Accessibility

• When hideHeader is true, the <thead> element is not rendered, which means screen readers lose the column header context for table cells. This is an inherent trade-off of hiding headers, and is the expected behavior when users explicitly choose to hide them.
• When hideIndex is true, <th scope="row"> elements are removed, reducing row-level semantic information. Again, this is the expected outcome of the user's choice.
• The existing accessibility attributes for scrollable tables (role="region", tabIndex, aria-label) are correctly preserved and unaffected by these changes.
• No new interactive elements are introduced, so no new keyboard/focus concerns.

Recommendations

1. Consider adding a typing test (lib/tests/streamlit/typing/table_types.py) to verify the hide_index and hide_header parameter types are correctly exposed in the public API. This catches type signature regressions via mypy.

2. E2E test consolidation: Consider consolidating the 10 new E2E test functions into 2–3 aggregated scenario tests (one for hide_index scenarios, one for hide_header scenarios, one for combined). This follows the E2E AGENTS.md guidance to reduce browser loads while maintaining the same coverage.

3. Document the behavioral change: Since existing tables will look different after this change (auto-hidden index/headers), consider noting this in release notes or a migration guide. Users who relied on seeing the RangeIndex or auto-generated headers will need to add hide_index=False or hide_header=False.

4. Minor: The new docstring examples 4 and 5 could benefit from .. output:: directives with demo app URLs for consistency with examples 1 and 2.

Verdict

APPROVED: Well-implemented feature with clean code, thorough test coverage across all layers, and correct protobuf wire compatibility. The auto-hide behavioral change is intentional and users can opt out. Minor improvements (typing tests, E2E consolidation, release notes) are recommended but not blocking.

This is an automated AI review by opus-4.6-thinking.

Summary

This PR adds two new parameters — hide_index and hide_header — to st.table(). Both accept bool | None:

• hide_index: When None (default), auto-hides the index if it's a default RangeIndex; shows custom indices. Explicit True/False overrides.
• hide_header: When None (default), auto-hides column headers for data formats without user-defined column names (dict, list, numpy, set, tuple, etc.). Explicit True/False overrides.

Changes span the full stack: protobuf schema (Table.proto), Python backend (table.py), React frontend (Table.tsx), and comprehensive tests (Python unit, frontend unit, and E2E with snapshots).

Both reviewers agreed this is a well-structured, cleanly implemented feature. One reviewer (gpt-5.3-codex-high) raised a critical concern about double-consumption of one-shot data sources that was verified to be incorrect upon code inspection (see Code Quality section below).

Code Quality

The implementation is clean and follows existing patterns well across all layers.

Backend (lib/streamlit/elements/table.py):

• _compute_hide_index and _compute_hide_header are well-structured module-level functions with proper docstrings and type annotations.
• The _HIDE_HEADER_DATA_FORMATS set correctly identifies data formats without user-defined column names. The selection is well-considered — formats with explicit column names (COLUMN_VALUE_MAPPING, LIST_OF_RECORDS, PANDAS_DATAFRAME, etc.) are correctly excluded.
• Good handling of Styler objects by accessing data.data to inspect the underlying DataFrame's index.
• The data_format is determined before the unevaluated data conversion, which is correct since determine_data_format inspects the original input type.

Resolved disagreement — double-consumption claim: gpt-5.3-codex-high flagged a merge-blocking regression claiming one-shot data sources (generators, DB cursors) are consumed twice. After tracing the code, this is not a real issue. The flow for one-shot inputs is:

1. is_unevaluated_data_object(data) returns True for generators, DB cursors, Snowpark, PySpark, etc. (line 348)
2. Data is converted once to converted_df, and data is reassigned to this DataFrame (lines 349-352)
3. _compute_hide_index(data, converted_df, hide_index) receives the already-converted DataFrame as both data and data_df (line 355)
4. Inside _compute_hide_index, the data_df is not None check (line 130) takes the early-return path, never reaching the fallback convert_anything_to_pandas_df at line 138
5. marshall_table at line 373 receives the already-converted DataFrame

The fallback path at line 138 only executes for non-DataFrame, non-Styler, non-unevaluated data (plain lists, dicts, numpy arrays, etc.) — none of which are one-shot sources. The converted_df parameter was specifically designed to prevent double conversion.

Frontend (Table.tsx):

• hideIndex and hideHeader are derived during render (not in effects), following React best practices.
• Index columns are filtered at render time by returning null from map() — the underlying Quiver data is untouched.
• visibleNumColumns is correctly recalculated for the empty table cell's colSpan.
• Sticky header/index logic correctly accounts for hideHeader and hideIndex.

Protobuf (Table.proto):

• Two new bool fields at field numbers 3 and 4 — clean additive additions, no conflicts.

Docstrings: The new parameter docstrings follow the NumPy style, use double backticks for inline code, and list options with bullet points — consistent with existing documentation. The two new examples (4 and 5) lack .. output:: directives, but this is consistent with Example 3 in the same file. (Both reviewers agreed this is minor.)

Test Coverage

Both reviewers agreed test coverage is thorough. Coverage spans all layers:

Python unit tests (table_test.py):

• Explicit True/False for both parameters (parameterized).
• Auto-hide logic for RangeIndex vs. custom index.
• Auto-hide logic for DataFrames vs. simple data formats (dict, list, nested list, numpy).
• Styler object support (with both RangeIndex and custom index).
• Explicit override of auto-hide behavior.
• Combined hide_index=True + hide_header=True.

Frontend unit tests (Table.test.tsx):

• Hide/show index columns with hideIndex true/false.
• Hide/show header row with hideHeader true/false.
• Anti-regression checks (data cells still present when index/header hidden; thead present when hideHeader is false).

E2E tests (st_table_test.py):

• 10 scenario-specific tests with behavioral assertions and visual snapshots.
• Covers: auto-hide RangeIndex, custom index shown, explicit true/false for both params, auto-hide for dict/list data, combined params, and MultiIndex with hide_index.

Minor gaps (non-blocking):

• No typing test file for the new parameters (pre-existing gap — none existed before).
• No test for hide_index=True on an empty DataFrame.
• E2E tests rely on nth() index-based access, which is fragile but consistent with existing test style in the file.

Backwards Compatibility

Both reviewers agreed the wire protocol is compatible:

• Old frontends will ignore unknown proto fields (proto3 behavior) and continue showing everything.
• New frontends receiving old protos will see false for both bools (proto3 default), correctly showing index and headers.

This is an intentional behavioral change for existing users. With the default None values:

1. st.table(df) where df has a default RangeIndex will now hide the index column.
2. st.table(dict_or_list) will now hide column headers.

Users can opt out with hide_index=False and/or hide_header=False. The change is labeled change:feature and impact:users, indicating it's intentional. Updated E2E snapshots confirm the visual changes.

Security & Risk

Both reviewers agreed: no security concerns. Changes are purely display-related with no new endpoints, authentication changes, or unsafe input handling.

Regression risk is low. The auto-hide logic for edge-case data types (Polars, Modin, Snowpark) goes through the is_unevaluated_data_object path, which correctly converts once and reuses the result.

Accessibility

Both reviewers agreed on the accessibility implications:

• hideHeader=true removes <thead>, reducing screen-reader column context. This is the expected behavior for an explicit hide option.
• hideIndex=true removes <th scope="row"> elements, reducing row-level semantic information. Again, expected for the user's explicit choice.
• Existing accessibility attributes (role="region", tabIndex, aria-label) for scrollable tables are correctly preserved and unaffected.
• No new interactive elements are introduced, so no new keyboard/focus concerns.

Recommendations

1. Consider adding a typing test (lib/tests/streamlit/typing/table_types.py) to verify the hide_index and hide_header parameter types are correctly exposed in the public API. (Both reviewers noted this.)

2. E2E test consolidation: Consider consolidating the 10 new E2E test functions into 2–3 aggregated scenario tests to reduce browser loads, per the E2E AGENTS.md guidance. (Style preference, not blocking.)

3. Document the behavioral change: Since existing tables will look different after this change, consider noting this in release notes. Users who relied on seeing the RangeIndex or auto-generated headers will need to add hide_index=False or hide_header=False.

4. Minor: The new docstring examples 4 and 5 could benefit from .. output:: directives for consistency with examples 1 and 2.

Verdict

APPROVED: Well-implemented feature with clean code, thorough test coverage across all layers, and correct protobuf wire compatibility. The critical concern raised by one reviewer about double-consumption of one-shot data sources was verified to be incorrect — the code specifically handles this via the converted_df parameter pattern. The auto-hide behavioral change is intentional and users can opt out. Minor improvements (typing tests, E2E consolidation, release notes) are recommended but not blocking.

Consolidated review by opus-4.6-thinking. Reviewed models: gpt-5.3-codex-high, opus-4.6-thinking (2/2 expected reviews received).