
Using Risk Assessment Functions
Source: vignettes/How-to-use-risk.assessr.Rmd
Introduction
This vignette demonstrates how to use the
risk_assess_pkg() and assess_pkg_r_package()
functions from the risk.assessr package to assess the risk
of R packages.
You can assess:
- A local .tar.gz source package (by upload or by giving its path)
- A package from CRAN or Bioconductor
- Every package defined by an renv.lock file
1. Assessing a Local Source Package
To assess your own package:
Step 1: Build your package
Use RStudio: Build > More > Build Source Package, or run R CMD build on the
package directory from a shell, to generate a .tar.gz source tarball.
Step 2: Upload the package (optional)
If using a web interface or app built on top of the risk engine,
upload the .tar.gz file through the UI.
Step 3: Run the assessment
# Assess a local .tar.gz R package by tar file upload (interactive chooser)
# risk_result <- risk_assess_pkg()
# OR by providing the path to the built tarball (the path must be a string)
risk_result <- risk_assess_pkg("path/to/my/package.tar.gz")
2. Assessing via renv.lock
You can assess risks for all packages defined in an
renv.lock or pak.lock file. This is helpful
for auditing projects.
# Assess based on renv.lock
risk_result <- risk_assess_pkg("path/to/project/with/renv.lock") # or pak.lock
Note: assessing a whole lockfile can be slow, so it is better run as a batch job or in CI (e.g., GitHub Actions) than interactively.
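Before handing a lockfile to risk_assess_pkg() it is worth knowing what is in it, in particular which dependencies are not resolved from CRAN or Bioconductor and therefore need manual review on top of the automated score. The following is an added example, not code from the risk.assessr package or from this vignette. It assumes the jsonlite package is installed and relies on the standard renv.lock layout (a "Packages" object keyed by package name, each entry carrying Package, Version, Source and, for repository packages, Repository); the sample lockfile is constructed inline, and the call to risk_assess_pkg() is guarded because the structure of its return value is not documented on this page.

```r
# Added example (not part of risk.assessr or this vignette): inventory an
# renv.lock before assessing it, so non-repository dependencies are visible.
# Assumes jsonlite is installed and the standard renv.lock layout.
library(jsonlite)

# Constructed sample lockfile (not a real project's lock): two CRAN packages
# and one pulled straight from GitHub.
lock_json <- '{
  "R": {
    "Version": "4.3.1",
    "Repositories": [ { "Name": "CRAN", "URL": "https://cloud.r-project.org" } ]
  },
  "Packages": {
    "stringr":  { "Package": "stringr",  "Version": "1.5.0",
                  "Source": "Repository", "Repository": "CRAN" },
    "jsonlite": { "Package": "jsonlite", "Version": "1.8.7",
                  "Source": "Repository", "Repository": "CRAN" },
    "mytools":  { "Package": "mytools",  "Version": "0.1.0",
                  "Source": "GitHub", "RemoteUsername": "example-org",
                  "RemoteRepo": "mytools", "RemoteSha": "abc123" }
  }
}'
lock_path <- file.path(tempdir(), "renv.lock")
writeLines(lock_json, lock_path)

# Parse the lockfile into one row per dependency.
inventory_lock <- function(path) {
  lock <- fromJSON(path, simplifyVector = FALSE)
  rows <- lapply(lock$Packages, function(p) {
    data.frame(
      package    = p$Package,
      version    = p$Version,
      source     = p$Source,
      repository = if (is.null(p$Repository)) NA_character_ else p$Repository,
      stringsAsFactors = FALSE
    )
  })
  do.call(rbind, unname(rows))
}

inv <- inventory_lock(lock_path)
print(inv)

# Anything whose Source is not "Repository" did not come from CRAN or
# Bioconductor; list it so the reviewer sees it alongside the risk scores.
non_repo <- inv[inv$source != "Repository", ]
if (nrow(non_repo) > 0) {
  message("Dependencies not resolved from CRAN/Bioconductor:\n",
          paste0("  ", non_repo$package, " @ ", non_repo$version,
                 " (", non_repo$source, ")", collapse = "\n"))
}

# Run the assessment over the whole lockfile when risk.assessr is available.
# The shape of the returned object is not described in this vignette, so it
# is only captured here for later inspection.
if (requireNamespace("risk.assessr", quietly = TRUE)) {
  risk_result <- risk.assessr::risk_assess_pkg(lock_path)
}
```

In CI the same script can be pointed at the project's real renv.lock instead of the constructed one; the inventory step is cheap, while the risk_assess_pkg() call is the part that takes time and is best kept in a scheduled or gated job.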
3. Assessing a CRAN or Bioconductor Package
Use this method to check a remote package and version directly from public repositories.
# Assess the latest version from CRAN
risk_result <- assess_pkg_r_package("stringr")
# Or a specific version
risk_result <- assess_pkg_r_package("stringr", version = "1.5.0")
Summary
These functions provide a consistent interface to assess risk for:
- Locally built packages
- renv or pak-based project dependencies
- Published open source packages from CRAN or Bioconductor
You can extend the functionality by passing a custom
risk_config to override the defaults.
See more Here