risk.assessr

Overview

risk.assessr helps make an initial determination of a package's reliability and security in terms of maintenance, documentation, and dependencies.

This package is designed to carry out a risk assessment of R packages at the beginning of the validation process (either internal or open source).

It calculates risk metrics such as:

Core metrics - includes R command check, unit test coverage and composite coverage of dependencies

Documentation metrics - availability of vignettes, news tracking, example(s), return object description for exported functions, and type of license

Dependency Metrics - package dependencies and reverse dependencies

It also calculates a:

Traceability matrix - matches the function / test descriptions to tests, and matches tests to their pass/fail results

Description

This package executes the following tasks:

  1. Upload the source package (tar.gz file)

  2. Unpack the tar.gz file

  3. Install the package locally

  4. Run code coverage

  5. Run a traceability matrix

  6. Run R CMD check

  7. Run risk assessment metrics using default or user defined weighting

Notes

This package fixes a number of errors in pharmaR/riskmetric:

  1. running R CMD check and code coverage with locally installed packages
  2. user defined weighting works
  3. Suggests added to checking dependencies
  4. assess_dependencies and assess_reverse_dependencies have their sigmoid point increased
  5. assess_dependencies has its value range changed to fit in with other scoring metrics

Package Installation

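From GitHub

  • Create a Personal Access Token (PAT) on GitHub

  • Create a .Renviron file with your GITHUBTOKEN as shown below. The file holds the token in plain text, so keep it out of version control and readable only by your own user.

# .Renviron
GITHUBTOKEN=dfdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfdf

  • Restart the R session

  • You can install the package with:

# read the token from the environment instead of hard-coding it in scripts
auth_token = Sys.getenv("GITHUBTOKEN")
devtools::install_github("Sanofi-Public/risk.assessr", ref = "main", auth_token = auth_token)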

From CRAN

# use HTTPS so package downloads are protected from tampering in transit
options(repos = "https://cran.us.r-project.org")
install.packages("risk.assessr")

Usage

Assessing your own package

To assess your package, do the following steps:

1 - Save your package as a tar.gz file

  • This can be done in RStudio -> Build Tab -> More -> Build Source Package

2 - Run the following code sample, either by loading your tar.gz package source or by adding a path parameter that points to it

Set repository options

options(repos = c(
  # use HTTPS so package downloads are protected from tampering in transit
  RSPM = "https://cran.us.r-project.org",
  INTERNAL_RSPM = "<your_internal_RSPM>"
))

This sets up the repository sources for R packages and allows you to access both public (CRAN/Bioconductor) and internal packages.

When you install or load packages, R will:

  1. First check the RSPM repository for CRAN/Bioconductor packages
  2. Then look in the INTERNAL repository for internal-specific packages
  3. Finally, search INTERNAL_RSPM if packages aren't found in the previous locations

# for local tar.gz R package
risk_assess_package <- risk_assess_pkg()

# or pass the path to the tar.gz file as a string
risk_assess_package <- risk_assess_pkg("path/to/your/package")

Assessing from local renv.lock file

This function processes renv.lock to produce risk metric data for each package.

# for local renv.lock file (the path is passed as a string)
risk_assess_package <- risk_assess_pkg_lock_files("path/to/your/lockfile")

Note: This process can be very time-consuming and is recommended to be performed as a batch job or within a GitHub Action.

Assessing an open source R package on CRAN or Bioconductor

To check a source code package from CRAN or Bioconductor, run the following code:

risk_assess_package <- assess_pkg_r_package(package_name, package_version)

Metrics and Risk assessment

| Key Metrics | Reason | Where to find them in Metrics and Risk assessment |
|---|---|---|
| RCMD check | series of 45 package checks of tests, package structure, documentation | check element in results list, check_list |
| test coverage | unit test coverage | covr element in results list, covr_list |
| risk analysis | rules and thresholds to identify risks | risk_analysis |
| traceability matrix | maps exported functions to test coverage, documentation by risk and function type | tm_list |

results

results
├── pkg_name: "admiral"
├── pkg_version: "1.0.2"
├── pkg_source_path
├── date_time
├── executor
├── sysname, version, release, machine, comments
├── license: 1
├── license_name: "Apache License (>= 2)"
├── size_codebase: 0.9777
├── has_bug_reports_url, has_examples, has_maintainer, has_news
├── has_source_control, has_vignettes, has_website, news_current
├── export_help: 0
├── check: 0
├── covr: 0
├── dependencies
│   ├── imports: [list of packages with versions]
│   └── suggests: [list of packages with versions]
├── suggested_deps: [list of 5 dependency issues]
├── author
│   ├── maintainer: [Ben Straub info]
│   ├── funder: [list of organizations]
│   └── authors: [list of contributors]
├── host
│   ├── github_links
│   ├── cran_links
│   ├── internal_links
│   └── bioconductor_links
├── github_data
│   ├── created_at
│   ├── stars, forks
│   ├── date
│   ├── recent_commits_count
│   └── open_issues
├── download
│   ├── total_download
│   └── last_month_download
├── rev_deps: [list of reverse dependencies]
├── version_info
│   ├── all_versions: [list of version/date pairs]
│   ├── last_version
│   └── difference_version_months
├── tests
│   ├── has_testthat
│   ├── has_snaps
│   ├── has_testit
│   ├── n_golden_tests
│   └── n_test_files
└── risk_profile: "High"

covr_list

covr_list
├── total_cov: "NA"
└── res_cov
    ├── name: "admiral"
    ├── coverage
    │   ├── filecoverage: null
    │   └── totalcoverage: "NA"
    └── errors: [callr traceback]
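
The sample output above reports check: 0 and covr: 0 while covr_list gives total_cov as "NA" alongside a callr traceback, so a zero score can mean "not measured" rather than "measured as zero". As an added example (not code from the risk.assessr project), here is a gate for a batch job or GitHub Action that fails closed in that case. The `assessment` list is constructed from the trees on this page, and `gate_package`, its thresholds and the top-level element names are assumptions.

```r
# CONSTRUCTED sample mirroring the `results` and `covr_list` trees above.
# Assumption: the assessment object exposes them under these element names.
assessment <- list(
  results = list(
    pkg_name = "admiral", pkg_version = "1.0.2",
    license_name = "Apache License (>= 2)",
    check = 0, covr = 0, risk_profile = "High"
  ),
  covr_list = list(
    total_cov = "NA",
    res_cov = list(
      name = "admiral",
      coverage = list(filecoverage = NULL, totalcoverage = "NA"),
      errors = "callr traceback (constructed placeholder)"
    )
  )
)

# Hypothetical helper (not part of risk.assessr): returns the reasons to block
# a package; an empty vector means the gate passes. Thresholds are assumptions.
gate_package <- function(a, min_check = 0.8, min_covr = 0.6,
                         blocked_profiles = "High") {
  r <- a$results
  reasons <- character(0)
  # TRUE when a score is missing, not a single number, NA, or under the minimum
  low <- function(x, min) {
    !is.numeric(x) || length(x) != 1 || is.na(x) || x < min
  }
  # A coverage run that errored reports "NA" with a score of 0. That means
  # "not measured", so fail closed instead of reading it as a real score.
  total <- suppressWarnings(as.numeric(a$covr_list$total_cov))
  if (length(total) != 1 || is.na(total)) {
    reasons <- c(reasons, "coverage could not be measured (see covr_list errors)")
  } else if (low(r$covr, min_covr)) {
    reasons <- c(reasons, sprintf("coverage score below %.2f", min_covr))
  }
  if (low(r$check, min_check)) {
    reasons <- c(reasons, sprintf("R CMD check score below %.2f", min_check))
  }
  if (isTRUE(r$risk_profile %in% blocked_profiles)) {
    reasons <- c(reasons, paste("risk profile is", r$risk_profile))
  }
  reasons
}

reasons <- gate_package(assessment)
if (length(reasons) > 0) {
  message(assessment$results$pkg_name, " ", assessment$results$pkg_version,
          " blocked:\n", paste0("  - ", reasons, collapse = "\n"))
  # In a batch job or GitHub Action, stop the job here: quit(status = 1)
}
```

With the constructed sample, all three reasons are reported: unmeasured coverage, a low R CMD check score, and the "High" risk profile.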

Install

install.packages('risk.assessr')

Monthly Downloads

211

Version

3.0.1

License

GPL (>= 2)

Maintainer

Edward Gillian

Last Published

December 2nd, 2025

Functions in risk.assessr (3.0.1)

average_issue_close_time

Calculate Average Time to Close GitHub Issues
capture_cran_warning

Capture CRAN URL warnings and errors
check_ggproto

function to check value of ggproto
clean_license

Clean and normalize license names
check_suggested_exp_funcs

Function to check suggested exported functions
classify_function_body

classify_function_body
extract_thresholds_by_id

Extract risk thresholds by id
cran_packages

Retrieve the List of CRAN Packages (Internal)
cran_revdep

Find Reverse Dependencies of a CRAN Package
build_dependency_tree

Build a Dependency Tree for an R Package
count_commits_last_months

Count Commits in the Last Months
convert_number_to_percent

Convert number to percent
clean_up_dependencies

Clean Up Dependencies
fine_grained_tms

Create fine grained traceability matrices
compute_risk

Compute Risk Level
extract_exported_function_info

Extract Exported Function Metadata from an R Package
create_empty_results

Create empty results
extract_dependency_package_names

Extract Package Names from a Dependency String
extract_risk_inputs

Extract Risk Inputs
extract_ggproto_methods

function to extract ggproto methods
extract_maintainer_info

Helper to create maintainer
generate_rcmd_check_section

Generate RCMD Check Metrics Section
generate_pop_metrics_section

Generate Popularity Metrics Section
create_empty_tm

create empty tm
find_reverse_dependencies

find reverse dependencies
detect_version_conflicts

Detect Version Conflicts from dependency tree
contains_r_folder

Check for Vignette Folder and .Rmd Files in a .tar File
contains_vignette_folder

Check for Vignette Folder and .Rmd Files in a .tar File
doc_riskmetric

Run all relevant documentation riskmetric checks
create_traceability_matrix

Create a Traceability Matrix
convert_number_to_abbreviation

Convert number to abbreviation
dependsOnPkgs

Determine Packages that Depend on Given Packages
extract_package_name

Extract package name from package source path
extract_package_version

Extract the Installed Version of a Package
filter_symbol_functions

Remove specific symbols from vector of functions
fetch_bioconductor_releases

Fetch Bioconductor Release Announcements
download_and_parse_dependencies

Download and Parse Dependencies of an R Package
get_pkg_name

get package name for display
get_pkg_license

Assess License
create_items_matched

Create items matched
expand_dependency_type_spec

Expand Dependency Type Specification
create_file_coverage_df

Generate file coverage df
generate_html_report

Generate HTML Report for Package Assessment
get_bioconductor_package_url

Retrieve Bioconductor Package URL
generate_fg_trace_matrix_section

Generate Fine grained Trace Matrices Section
extract_thresholds_by_key

Extract risk thresholds by key
get_cran_package_url

Get CRAN Package URL
get_cran_total_downloads

Get CRAN Total or Recent Downloads for a Package
get_license_thresholds

Get License Levels from Thresholds
get_commits_since

Retrieve GitHub Commits as Weekly Counts (using curl)
get_max_thresholds

Extract Maximum Thresholds for Code Coverage Levels
get_pubmed_by_year

Get Annual PubMed Article Counts for a Search Term
get_pkg_desc

Read Description file and parse the package name and version
get_pkg_author

Assess Authors
get_result_path

Assign output file path for various outputs during scorecard rendering
fetch_all_dependencies

Fetch All Dependencies for a Package
fetch_bioconductor_package_info

Fetch Bioconductor Package Information
generate_rev_deps_section

Generate Reverse Dependencies Section
function_is_ggproto

function to check value of ggproto
get_pubmed_count

Get Total Number of PubMed Articles for a Search Term
get_suggested_exp_funcs

Function to get suggested exported functions
install_package_local

Install package locally
get_session_dependencies

Get Dependencies
get_reverse_dependencies

Get reverse dependencies
handle_null

Helper function to replace NULL with "N/A"
get_dependencies

Get dependencies
generate_risk_details

Generate Risk Details
generate_coverage_section

Generate Coverage Section
extract_version

Extract Package Version from File Path
generate_doc_metrics_section

Generate Doc Metrics Section
generate_traceability_matrix

Assess an R Package traceability matrix from package name and version
print_tree

Print a Package Dependency Tree
generate_deps_section

Generate Dependencies Section
get_package_download_bioconductor

Get Bioconductor Package Download Statistics
get_package_download_cran

Get CRAN Daily Downloads for a Package
get_exports

list all package exports
generate_risk_summary

Generate Risk Summary
get_github_data

Fetch GitHub Repository Data
get_r6_methods_details

function to get R6 methods
get_func_descriptions

Get function descriptions
generate_trace_matrix_section

Generate Trace Matrix Section
get_all_s4_methods

Extract all S4 methods
is_base

Check if a Package is a Base or Recommended R Package
unpack_tarball

Untar package and return installation directory
set_up_pkg

Creates information on package installation
setup_rcmdcheck_args

set up rcmdcheck arguments
process_items_matched

process items matched
modify_description_file

Modify the DESCRIPTION File in a R Package Tarball
get_repo_owner

Extract GitHub repository owner from links
get_toplevel_assignments

list all top-level objects defined in the package code
get_risk_analysis

Get Risk Analysis
get_risk_definition

Get Risk Definition
get_versions

Get Package Versions
run_rcmdcheck

Run R CMD CHECK
safe_value

Helper to conditionally apply handle_null or abbreviation
parse_dcf_dependencies_version

Parse Dependencies from a Package DESCRIPTION File
parse_html_version

Parse HTML Content for Package Versions
normalize_data

Normalize Nested Package Data
get_internal_package_url

Get Internal Package URL
get_host_package

Extract and Validate Package Hosting Information
parse_bioconductor_releases

Parse Bioconductor Release Announcements
get_s3_method

function to get S3 method
map_functions_to_docs

Map all Rd files to the functions they describe
get_risk_metadata

Get risk metadata
map_functions_to_scripts

Get all exported functions and map them to R script where they are defined
run_coverage

Run covr and potentially save results to disk
risk_assess_pkg_lock_files

Process lock files
list_badges

List badges image URLs from a local README
risk_assess_pkg

Assess package - simplified
parse_package_info

Parse Package Information from CRAN Archive
parse_dcf_dependencies

Parse DCF of description file
run_covr

Run covr in subprocess with timeout
preprocess_func_full_name

function to preprocess func_full_name
remove_base_packages

Helper function to remove base and recommended packages
risk.assessr-package

risk.assessr: Assessing Package Risk Metrics
assess_export_help

assess_export_help
assess_pkg

Assess package
as_iso_date

Convert input to ISO 8601 date (YYYY-MM-DD)
assess_pkg_r_package

Assess an R Package riskmetric with package name and version
check_forbidden_notes

Reclassify Forbidden Notes as Errors in rcmdcheck Results
assess_news

Assess Rd files for news
assess_size_codebase

assess codebase size
assess_news_current

Assess Rd files for news
assess_description_file_elements

assess_description_file_elements
assess_exports

Assess exported functions to namespace
assess_examples

Assess Rd files for example or examples
bioconductor_reverse_deps

Find Bioconductor Package Reverse Dependencies
check_cran_package

Check if a Package Exists on CRAN
check_and_fetch_cran_package

Check and Fetch CRAN Package
check_pkg_tests_and_snaps

Check for tests/testthat and _snaps folder and count golden tests
assess_vignettes

Assess vignettes