Risk assessing packages
Document development, review and version history
Development and Review
| Name | Date | |
|---|---|---|
| Authored/Revised by | XXXXXXXXXX | xxxx-xx-xx |
| Reviewed by | YYYYYYYYYY | xxxx-xx-xx |
| Released by | ZZZZZZZZZZ | xxxx-xx-xx |
Version History
| Version | Date | Author | Summary of Changes |
|---|---|---|---|
| 0.1 | xxxx-xx-xx | XXXXXXXXXX | Initial draft |
This page functions as the work instruction for the risk assessment of R packages within the SCTO Statistics & Methodology Platform framework.
In order to perform a risk assessment:
- first, check whether the package has already been risk assessed. This can be done by any of the following methods:
- the
check_sessionfunction from the R packagevalidationcan be used from within your R session to check if a package has been risk assessed. - check the table on the Package assessment page of this site
- check for the package in the package validation GitHub repository by searching for it among the issues using the search bar towards the top of the page (remember to remove the is:open filter). E.g. to search for dplyr, the search might be
is:issue dplyr
- the
- if it has been risk assessed, check the associated risk and consider whether any functions within package need additional testing for your use case.
- if it has not been risk assessed, go to the package validation GitHub repository
- click the green “New issue” button (towards the top right)
- select the New package risk assessment template by clicking the green Get started button on the right
- fill in the form, following the instructions provided. Additional notes on the risk metrics can be found on the Risk metrics page.
- Note that the R package
validationcontains various useful functions to help with the risk assessment process. Especially useful are:get_n_deps, which returns the number of dependencies of a package,get_12month_downloadswhich returns the number of downloads of a package in the last 12 months, andget_release_datefinds the release date of a package.
- Note that the R package
- Once you have completed the form, click the green “Submit new issue” button at the bottom of the page.
- Submitting the form will trigger an automated job that will calculate the risk based on the information you entered into the form and post a comment on the issue.