
Using Risk Assessment Functions

Introduction

This vignette demonstrates how to use the risk_assess_pkg() and assess_pkg_r_package() functions from the risk.assessr package to assess the risk of R packages.

You can assess:

1. Assessing a Local Source Package

To assess your own package:

Step 1: Build your package

Use RStudio: Build > More > Build Source Package to generate a .tar.gz file.

Step 2: Upload the package (optional)

If using a web interface or app built on top of the risk engine, upload the .tar.gz file through the UI.

Step 3: Run the assessment

# Assess a local .tar.gz R package by tar file upload

# risk_result <- risk_assess_pkg()

# OR by providing a path

risk_result <- risk_assess_pkg("path/to/my/package")

2. Assessing via renv.lock

You can assess risks for all packages defined in an renv.lock or pak.lock file. This is helpful for auditing projects.

# Assess based on renv.lock
risk_result <- risk_assess_pkg("path/to/project/with/renv.lock") # or pak.lock

Note: This can be slow, so it is better to run it as a batch job or in CI (e.g., GitHub Actions).
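
The batch run suggested in the note, as an added example that is not part of the vignette or of risk.assessr itself: it reads the pinned versions from renv.lock and assesses them one at a time with assess_pkg_r_package(), so a single failing package does not abort the whole audit. It goes beyond the single-call form shown above; the function name audit_lockfile, the file names, and the use of jsonlite are assumptions, and the value returned by assess_pkg_r_package() is stored unchanged.

```r
# Added example (not risk.assessr code). Assumes jsonlite is installed.
library(risk.assessr)

# audit_lockfile() is a hypothetical helper; file names are placeholders.
audit_lockfile <- function(lockfile = "renv.lock",
                           out_file = "risk_results.rds") {
  lock <- jsonlite::fromJSON(lockfile, simplifyVector = FALSE)
  pkgs <- lock$Packages

  # renv records where each package came from in its Source field.
  # Assess only repository packages; list everything else (GitHub, local,
  # unknown) as skipped so it gets a manual review instead of being ignored.
  is_repo <- vapply(
    pkgs,
    function(p) isTRUE(p$Source %in% c("Repository", "Bioconductor")),
    logical(1)
  )
  skipped <- names(pkgs)[!is_repo]

  results <- list()
  failures <- list()
  for (p in pkgs[is_repo]) {
    message("Assessing ", p$Package, " ", p$Version)
    res <- tryCatch(
      assess_pkg_r_package(p$Package, version = p$Version),
      error = function(e) e
    )
    if (inherits(res, "error")) {
      failures[[p$Package]] <- conditionMessage(res)
    } else {
      results[p$Package] <- list(res)  # keeps the entry even if res is NULL
    }
  }

  audit <- list(lockfile = normalizePath(lockfile), assessed_at = Sys.time(),
                results = results, failures = failures, skipped = skipped)
  saveRDS(audit, out_file)  # keep the full output as a CI artifact
  invisible(audit)
}

# Non-interactive use (Rscript in CI): exit non-zero if coverage is incomplete.
if (!interactive()) {
  audit <- audit_lockfile()
  gaps <- c(names(audit$failures), audit$skipped)
  if (length(gaps) > 0) {
    message("Not assessed: ", paste(gaps, collapse = ", "))
    quit(status = 1)
  }
}
```

Failing the job on skipped or errored packages keeps an unassessed dependency from passing the audit silently.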

3. Assessing a CRAN or Bioconductor Package

Use this method to check a remote package and version directly from public repositories.

Assess the latest version from CRAN

risk_result <- assess_pkg_r_package("stringr")

Or a specific version

risk_result <- assess_pkg_r_package("stringr", version = "1.5.0")

Summary

These functions provide a consistent interface to assess risk for:

You can extend functionality by passing a custom risk_config to override the defaults.

See more Here
