risk.assessr
Define quality variables for evaluating the risk associated with R packages.
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
○.zenodo.json file
-
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (16.4%) to scientific vocabulary
Repository
Define quality variables for evaluating the risk associated with R packages.
Basic Info
- Host: GitHub
- Owner: Sanofi-Public
- License: gpl-2.0
- Language: R
- Default Branch: main
- Homepage: https://sanofi-public.github.io/risk.assessr/
- Size: 2.9 MB
Statistics
- Stars: 28
- Watchers: 3
- Forks: 2
- Open Issues: 1
- Releases: 1
Metadata Files
README.md
risk.assessr 
Overview
risk.assessr helps in the initial determining of a package’s reliability and security in terms of maintenance, documentation, and dependencies.
This package is designed to carry out a risk assessment of R packages at the beginning of the validation process (either internal or open source).
It calculates risk metrics such as:
Core metrics - includes R command check, unit test coverage and composite coverage of dependencies
Documentation metrics - availability of vignettes, news tracking, example(s), return object description for exported functions, and type of license
Dependency Metrics - package dependencies and reverse dependencies
It also calculates a:
Traceability matrix - matching the function / test descriptions to tests and match to test pass/fail
Description
This package executes the following tasks:
upload the source package(
tar.gzfile)Unpack the
tar.gzfileInstall the package locally
Run code coverage
Run a traceability matrix
Run R CMD check
Run risk assessment metrics using default or user defined weighting
Notes
This package fixes a number of errors in pharmaR/riskmetric
- running R CMD check and code coverage with locally installed packages
- user defined weighting works
-
Suggestsadded to checking dependencies -
assess_dependenciesandassess_reverse_dependencieshas sigmoid point increased -
assess_dependencieshas value range changed to fit in with other scoring metrics
Package Installation
from Github
Create a
Personal Access Token(PAT) ongithub- Log into your
githubaccount - Go to the token settings URL using the Token Settings URL
- (do not forget to add the SSH
Sanofi-GitHubauthorization)
- (do not forget to add the SSH
- Log into your
Create a
.Renvironfile with your GITHUBTOKEN as:
```
.Renviron
GITHUBTOKEN=dfdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfdf ```
- restart R session
- You can install the package with:
auth_token = Sys.getenv("GITHUBTOKEN")
devtools::install_github("Sanofi-GitHub/bp-art-sanofi.risk.assessr", ref = "main", auth_token = auth_token)
from CRAN
r
options(repos = "http://cran.us.r-project.org")
installed.packages(sanofi.risk.asssessr)
Usage
Assessing your own package
To assess your package, do the following steps:
1 - save your package as a tar.gz file
- This can be done in
RStudio->Build Tab->More->Build Source Package
2 - Run the following code sample by loading or add path parameter to your
tar.gz package source code
``` r
for local tar.gz R package
riskassesspackage <- riskassesspkg()
riskassesspackage <- riskassesspkg(path/to/your/package) ```
Assessing from local renv.lock file
This function processes renv.lock to produce risk metric data for each package.
``` r
for local renv.lock file
riskassesspackage <- riskassesspkg(path/to/your/package) ```
Note: This process can be very time-consuming and is recommended to be performed as a batch job or within a GitHub Action.
Assessing Open source R package on CRAN or bioconductor
To check a source code package from CRAN or bioconductor, run the following code:
r
risk_assess_package <- assess_pkg_r_package(package_name, package_version)
Metrics and Risk assessment
``` r
Metadata
$pkg_name [1] "here"
$pkg_version [1] "1.0.1"
$pkgsourcepath C:/Users/xxxx/AppData/Local/Temp/Rtmp4A0ht7/tempfile8bec8fd299c/here "C:/Users/xxxx/AppData/Local/Temp/Rtmp4A0ht7/tempfile8bec8fd299c/here"
$date_time [1] "2025-02-19 14:25:39"
$executor [1] ""
$sysname [1] "Windows"
$version [1] "build 22631"
$release [1] "10 x64"
$machine [1] "x86-64"
$comments [1] " "
```
``` r
Documentation metric
$hasbugreports_url [1] 1
$license [1] 1
$has_examples [1] 1
$has_maintainer [1] 1
$size_codebase [1] 0.4680851
$has_news [1] 1
$hassourcecontrol [1] 1
$has_vignettes [1] 1
$has_website [1] 1
$news_current [1] 1
$export_help [1] 1
$export_calc [1] 0.6791787
$check [1] 0
$covr [1] 0.9867
$license_name [1] "MIT + file LICENSE" ```
``` r
Dependencies
$dependencies $dependencies$imports $dependencies$imports$rprojroot [1] "2.0.4"
$dependencies$suggests $dependencies$suggests$conflicted [1] "1.2.0"
$dependencies$suggests$covr [1] "3.6.4"
$dependencies$suggests$fs [1] "1.6.3"
$dependencies$suggests$knitr [1] "1.48"
$dependencies$suggests$palmerpenguins [1] "0.1.1"
$dependencies$suggests$plyr [1] "1.8.9"
$dependencies$suggests$readr [1] "2.1.5"
$dependencies$suggests$rlang [1] "1.1.3"
$dependencies$suggests$rmarkdown [1] "2.28"
$dependencies$suggests$testthat [1] "3.2.1.1"
$dependencies$suggests$uuid [1] "1.2-1"
$dependencies$suggests$withr [1] "3.0.1"
$dep_score [1] 0.04742587 ```
``` r
$suggested_deps
$suggested_deps
A tibble: 3 × 4
source suggestedfunction targetedpackage message
1 here 0 0 Please check if the targeted package should be in Imports
2 here f 0 Please check if the targeted package should be in Imports
3 i_am 0 0 Please check if the targeted package should be in Imports
```
``` r
reverse dependencies
$rev_deps
[1] "adepro" "APCalign" "archetyper" "ARUtools"
[5] "AzureAppInsights" "bdc" "BeeBDC" "blastula"
[9] "boxr" "bscui" "bsitar" "cache"
[13] "cape" "cbcTools" "ciTools" "clockify"
[17] "CohortCharacteristics" "CohortConstructor" "CohortSymmetry" "cpsvote"
[21] "cricketdata" "crosstalkr" "denguedatahub" "DescrTab2"
[25] "designit" "did" "diffEnrich" "diseasystore"
[29] "DrugExposureDiagnostics" "DrugUtilisation" "dtrackr" "dyn.log"
[33] "EIEntropy" "elaborator" "emayili" "EpiNow2"
[37] "filecacher" "flourishcharts" "flow" "folders"
[41] "formods" "froggeR" "fromhere" "funspotr"
[45] "fusen" "gghdx" "ggseg" "ghclass"
[49] "GIMMEgVAR" "GISSB" "gitignore" "golem"
[53] "graphicalMCP" "gtfsrouter" "Guerry" "heddlr"
[57] "heplots" "hkdatasets" "IncidencePrevalence" "isotracer"
[61] "ixplorer" "jetty" "justifier" "k5"
[65] "kindisperse" "logitr" "logrx" "longsurr"
[69] "lterdatasampler" "mailmerge" "maraca" "marginaleffects"
[73] "metabolic" "metR" "midfieldr" "MiscMetabar"
[77] "mlr3spatiotempcv" "morphemepiece" "naijR" "naniar"
[81] "nestedLogit" "nettskjemar" "omopgenerics" "OmopSketch"
[85] "OmopViewer" "organizr" "PatientProfiles" "pharmr"
[89] "phdcocktail" "PhenotypeR" "phsmethods" "popstudy"
[93] "precommit" "projects" "PUMP" "r4lineups"
[97] "RAINBOWR" "rang" "ratlas" "rdfp"
[101] "REDCapCAST" "regions" "reticulate" "retroharmonize"
[105] "ReviewR" "rfold" "rjtools" "rnassqs"
[109] "rsf" "rUM" "rworkflows" "salesforcer"
[113] "SCDB" "schtools" "SHAPforxgboost" "shiny2docker"
[117] "smdi" "socialmixr" "spanishoddata" "Spectran"
[121] "srppp" "stRoke" "styler" "tatooheene"
[125] "tcplfit2" "tfrmtbuilder" "tfruns" "tibble"
[129] "tidychangepoint" "tidyprompt" "tidyxl" "toxEval"
[133] "tsgc" "tugboat" "UKB.COVID19" "unpivotr"
[137] "upstartr" "validateIt" "vcdExtra" "vegawidget"
[141] "vembedr" "weed" "wither" "x3ptools"
[145] "xpose" "yum"
$revdep_score [1] 0.9782352 ```
``` r
Authorship
$author $author$maintainer [1] "Kirill Müller krlmlr+r@mailbox.org aut, cre"
$author$funder [1] "No package foundation found"
$author$authors
[1] "Kirill Müller krlmlr+r@mailbox.org aut, cre"
[2] "Jennifer Bryan jenny@rstudio.com ctb"
```
``` r
hosting
$host $host$github_links [1] "https://github.com/r-lib/here"
$host$cranlinks [1] "https://cran.r-project.org/src/contrib/here1.0.1.tar.gz"
$host$internal_links NULL
$host$bioconductor_links [1] "No Bioconductor link found" ```
``` r
Github data
$githubdata $githubdata$created_at [1] "2016-07-19T14:47:19Z"
$github_data$stars [1] 417
$github_data$forks [1] 43
$github_data$date [1] "2025-02-19"
$githubdata$recentcommits_count [1] 0 ```
``` r
version_info
$versioninfo $versioninfo$available_version [1] "0.1" "1.0.0" "1.0.1"
$versioninfo$lastversion
[1] "1.0.1"
r
CRAN download
$download $download$total_download [1] 9900000
$download$lastmonthdownload
[1] 338000
r
Risk
$overallriskscore [1] 0.2962086
$risk_profile [1] "Medium"
```
Check the RCMD check results
``` r
riskassesspackage$checklist$rescheck ```
R CMD check results
risk_assess_package$check_list$res_check
── R CMD check results ─────────────────────────────────────────────────────────── here 1.0.1 ────
Duration: 46.9s
0 errors ✔ | 0 warnings ✔ | 0 notes ✔
>
> # to check the RCMD check score
> risk_assess_package$check_list$check_score
[1] 1
Check the test coverage results
``` r
riskassesspackage$covr_list ```
Test coverage results
risk_assess_package$covr_list
$total_cov
[1] 0.9867
$res_cov
$res_cov$name
[1] "here-1.0.1"
$res_cov$coverage
$res_cov$coverage$filecoverage
R/aaa.R R/dr_here.R R/here.R R/i_am.R R/set_here.R R/zzz.R
100.00 100.00 100.00 95.83 100.00 100.00
$res_cov$coverage$totalcoverage
[1] 98.67
$res_cov$errors
[1] NA
$res_cov$notes
[1] NA
Check the traceability matrix
r
risk_assess_package$tm
Traceability Matrix
# A tibble: 4 × 5
exported_function function_type code_script documentation description coverage_percent
<chr> <chr> <chr> <chr> <chr> <dbl>
1 dr_here regular R/dr_here.R dr_here.Rd "dr_here() shows a message t… 100
2 here regular R/here.R here.Rd "here() uses a reasonable he… 100
3 i_am regular R/i_am.R i_am.Rd "Add a call to here::i_am(\"… 95.8
4 set_here regular R/set_here.R set_here.Rd "html<a href='https://www.ti… 100
Publication/presentation
PHUSE 2025 Presentations – Sanofi
Conference: Connect 2025
Location: Orlando, US
Session ID: OS17
Title: Risk.assessr: A Tool for Assessing and Mitigating Risks with Open-Source R Packages in Clinical Trials
Presenters: Andre Couturier, Edward Gillian
Co-Authors: Hugo Bottois, Paulin Charliquart
Company: Sanofi
MaterialsConference: PHUSE SDE 2025
Location: Beijing, China
Title: CI/CD in R Package Development with Integrated Risk Assessment
Presenter: Neo Yang
Co-Authors: Hugo Bottois, Paulin Charliquart, Andre Couturier
Company: Sanofi
MaterialsConference: EU Connect 2025
Location: Hamburg, Germany
Session ID: CT10
Title: Risk.assessr: Extracting OOP Function Details
Presenter: Edward Gillian
Co-Authors: Hugo Bottois, Paulin Charliquart, Andre Couturier
Company: Sanofi
Materials / Status:- Ongoing
Citation
Gillian E, Bottois H, Charliquart P, Couturier A (2025). sanofi.risk.assessr: Assessing Package Risk Metrics. R package version 2.0.0, https://probable-chainsaw-kgro2o7.pages.github.io/.
@Manual{,
title = {sanofi.risk.assessr: Assessing Package Risk Metrics},
author = {Edward Gillian and Hugo Bottois and Paulin Charliquart and Andre Couturier},
year = {2025},
note = {R package version 2.0.0},
url = {https://probable-chainsaw-kgro2o7.pages.github.io/},
}
Current/Future directions
- Github action to call risk.assessr data (from R package/renv managed project)
- More fine grained features for test coverage report
- Produce database of risk assessment for Sanofi packages
Acknowledgements
The project is inspired by the
riskmetric package and the
mpn.scorecard
package and draws on some of their ideas and functions.
Owner
- Name: Sanofi-Public
- Login: Sanofi-Public
- Kind: organization
- Website: https://www.sanofi.com/
- Twitter: sanofi
- Repositories: 2
- Profile: https://github.com/Sanofi-Public
Together, we chase the miracles of science
GitHub Events
Total
- Create event: 3
- Release event: 1
- Issues event: 5
- Watch event: 38
- Delete event: 2
- Issue comment event: 11
- Push event: 5
- Pull request review event: 1
- Pull request event: 3
- Fork event: 2
Last Year
- Create event: 3
- Release event: 1
- Issues event: 5
- Watch event: 38
- Delete event: 2
- Issue comment event: 11
- Push event: 5
- Pull request review event: 1
- Pull request event: 3
- Fork event: 2
Issues and Pull Requests
Last synced: 10 months ago
All Time
- Total issues: 2
- Total pull requests: 2
- Average time to close issues: about 1 month
- Average time to close pull requests: 5 days
- Total issue authors: 2
- Total pull request authors: 2
- Average comments per issue: 2.5
- Average comments per pull request: 0.5
- Merged pull requests: 2
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 2
- Pull requests: 2
- Average time to close issues: about 1 month
- Average time to close pull requests: 5 days
- Issue authors: 2
- Pull request authors: 2
- Average comments per issue: 2.5
- Average comments per pull request: 0.5
- Merged pull requests: 2
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- llrs-roche (1)
- yonisidi (1)
Pull Request Authors
- PatrickRWright (1)
- shbiom (1)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 1
-
Total downloads:
- cran 190 last-month
- Total dependent packages: 0
- Total dependent repositories: 0
- Total versions: 2
- Total maintainers: 1
cran.r-project.org: risk.assessr
Assessing Package Risk Metrics
- Homepage: https://sanofi-public.github.io/risk.assessr/
- Documentation: http://cran.r-project.org/web/packages/risk.assessr/risk.assessr.pdf
- License: GPL-2 | GPL-3 [expanded from: GPL (≥ 2)]
-
Latest release: 2.0.1
published 10 months ago
Rankings
Maintainers (1)
Dependencies
- actions/checkout v4 composite
- r-lib/actions/check-r-package v2 composite
- r-lib/actions/setup-pandoc v2 composite
- r-lib/actions/setup-r v2 composite
- r-lib/actions/setup-r-dependencies v2 composite
- JamesIves/github-pages-deploy-action v4.4.3 composite
- actions/checkout v4 composite
- r-lib/actions/setup-pandoc v2 composite
- r-lib/actions/setup-r v2 composite
- r-lib/actions/setup-r-dependencies v2 composite
- actions/checkout v4 composite
- r-lib/actions/setup-r v2 composite
- r-lib/actions/setup-r-dependencies v2 composite
- actions/checkout v4 composite
- actions/upload-artifact v3 composite
- r-lib/actions/setup-r v2 composite
- r-lib/actions/setup-r-dependencies v2 composite
- R >= 4.1.0 depends
- callr * imports
- checkmate * imports
- covr * imports
- devtools * imports
- dplyr * imports
- httr2 * imports
- jsonlite * imports
- lubridate * imports
- purrr * imports
- rcmdcheck * imports
- remotes * imports
- rlang * imports
- forcats * suggests
- fs * suggests
- glue * suggests
- here * suggests
- knitr * suggests
- magrittr * suggests
- mockery * suggests
- openxlsx * suggests
- pkgload * suggests
- readr * suggests
- rmarkdown * suggests
- roxygen2 * suggests
- stringr >=1.4.0 suggests
- testthat >= 3.0.0 suggests
- tibble * suggests
- tidyr * suggests
- tidyselect * suggests
- tools * suggests
- utils * suggests
- withr * suggests