The hardware and bandwidth for this mirror is donated by dogado GmbH, the Webhosting and Full Service-Cloud Provider. Check out our Wordpress Tutorial.
If you wish to report a bug, or if you are interested in having us mirror your free-software or open-source project, please feel free to contact us at mirror[@]dogado.de.
risk.assessr helps in the initial determining of a
package’s reliability and security in terms of maintenance,
documentation, and dependencies. This package is designed to carry out a
risk assessment of R packages at the beginning of the validation process
(either internal or open source). It calculates risk metrics such
as:
Core metrics - includes R command check, unit test coverage and composite coverage of dependencies
Documentation metrics - availability of vignettes, news tracking, example(s), check if functions have family documentation, return object description for exported functions, and type of license
Dependency Metrics - package dependencies and reverse dependencies
Traceability matrix - matching the function / test descriptions to tests and match to test pass/fail
This package executes the following tasks:
Download the source package(tar.gz file)
Unpack the tar.gz file
Install the package locally
Run code coverage
Run a traceability matrix
Run R CMD check
Run risk assessment metrics using default or user defined weighting
Install from GitHub:
remotes::install_github("Sanofi-Public/risk.assessr")Or from CRAN, when published:
install.packages("risk.assessr")To assess your package, do the following steps:
Build your package as a tar.gz file
Set repository options
Run the following code sample by loading or add path parameter to
your tar.gz package source code
options(repos = c(
RSPM = "https://cloud.r-project.org",
INTERNAL = "https://cloud.r-project.org",
INTERNAL_RSPM = "https://cloud.r-project.org"
))
library(risk.assessr)
# using build package
# Local package source tarball (path or interactive file chooser)
results <- risk_assess_pkg("path/to/your/package.tar.gz")
results <- risk_assess_pkg() # opens file chooser
# Package by name from CRAN/Bioconductor/internal
results <- risk_assess_pkg(package = "dplyr")
results <- risk_assess_pkg(package = "dplyr", version = "1.0.0")
# Lock file (renv.lock or pak.lock)
results <- risk_assess_pkg_lock_files("path/to/your/lockfile")Note: This process can be very time-consuming and is recommended to be performed as a batch job or within a GitHub Action.
| Key Metrics | Reason | where to find them in Metrics and Risk assessment |
|---|---|---|
| RCMD check | series of 45 package checks of tests, package structure, documentation | check element in results list,
check_list |
| test coverage | unit test coverage | covr element in results list,
covr_list |
| risk analysis | rules and thresholds to identify risks | risk_analysis |
| traceability matrix | maps exported functions to test coverage, documentation by risk and function type | tm_list |
Gillian E, Bottois H, Charliquart P, Couturier A (2025). risk.assessr: Assessing Package Risk Metrics. R package version 2.0.0, https://sanofi-public.github.io/risk.assessr/.
@Manual{,
title = {risk.assessr: Assessing Package Risk Metrics},
author = {Edward Gillian and Hugo Bottois and Paulin Charliquart and Andre Couturier},
year = {2025},
note = {R package version 2.0.0},
url = {https://sanofi-public.github.io/risk.assessr/},
}The project is inspired by the riskmetric
package and the mpn.scorecard
package and draws on some of their ideas and functions.
These binaries (installable software) and packages are in development.
They may not be fully stable and should be used with caution. We make no claims about them.
Health stats visible at Monitor.