Risk Assessment with Custom Configurations

Introduction

The assess_pkg_r_package() function in the risk.assessr package allows users to evaluate the risk of an R package. You can pass a custom risk configuration to control how risk levels are interpreted.

This vignette demonstrates:

Load the Package

library(risk.assessr)
# Use an HTTPS mirror so package sources are not fetched over plaintext HTTP
options(repos = c(CRAN = "https://cran.us.r-project.org"))

Example 1: Use Default Configuration

result_default <- risk.assessr::assess_pkg_r_package("stringr")
str(result_default$risk_analysis)

Example 2: Use Custom Configuration (Strict Code Coverage)


strict_coverage_config <- list(
  list(
    label = "code coverage",
    id = "code_coverage",
    key = "code_coverage",
    thresholds = list(
      list(level = "high", max = 0.9999),
      list(level = "low", max = NULL)
    )
  ),
  list(
    label = "popularity",
    id = "popularity",
    key = "last_month_download",
    thresholds = list(
      list(level = "high", max = 21200000),
      list(level = "medium", max = 11200000),
      list(level = "low", max = NULL)
    )
  )
)

# Set the option
options(risk.assessr.risk_definition = strict_coverage_config)
result_strict <- risk.assessr::assess_pkg_r_package("stringr")
str(result_strict$risk_analysis)
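
options() changes session-wide state, so a definition set this way remains set for the rest of the R session unless it is reset. The following added example (not part of risk.assessr or its original vignette) checks the shape of a definition and applies it for a single assessment only; the helper names validate_risk_definition() and assess_with_definition(), the validation rules, and the sample config are assumptions modeled on the configs shown above.

```r
# Added example. Field names (label, id, key, thresholds, level, max) come from
# the configs on this page; the validation rules themselves are assumptions.
validate_risk_definition <- function(config) {
  stopifnot(is.list(config), length(config) > 0)
  for (metric in config) {
    missing <- setdiff(c("label", "id", "key", "thresholds"), names(metric))
    if (length(missing) > 0) {
      stop("metric entry is missing field(s): ", paste(missing, collapse = ", "))
    }
    for (th in metric$thresholds) {
      if (!is.character(th$level) || length(th$level) != 1) {
        stop("metric '", metric$id, "': each threshold needs one 'level' string")
      }
      # list(max = NULL) keeps the name, so a missing 'max' is detectable
      if (!"max" %in% names(th)) {
        stop("metric '", metric$id, "': threshold '", th$level, "' has no 'max'")
      }
      if (!is.null(th$max) && !(is.numeric(th$max) && length(th$max) == 1)) {
        stop("metric '", metric$id, "': 'max' must be one number or NULL")
      }
    }
  }
  invisible(config)
}

# Apply a definition for one assessment, then restore the previous option value
# (including "unset"), even if the assessment fails.
assess_with_definition <- function(pkg, config) {
  validate_risk_definition(config)
  old <- options(risk.assessr.risk_definition = config)
  on.exit(options(old), add = TRUE)
  risk.assessr::assess_pkg_r_package(pkg)
}

# Constructed sample config with a single metric, same shape as Example 2
coverage_only_config <- list(
  list(
    label = "code coverage", id = "code_coverage", key = "code_coverage",
    thresholds = list(
      list(level = "high", max = 0.9999),
      list(level = "low", max = NULL)
    )
  )
)

result_scoped <- assess_with_definition("stringr", coverage_only_config)
str(result_scoped$risk_analysis)
```

After the call returns, getOption("risk.assessr.risk_definition") has whatever value it had before, so later assessments in the same session are not silently scored against the strict definition.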

Summary

The risk_config parameter allows you to tailor the risk scoring logic to your organization’s policies. You can use it to enforce stricter standards, accommodate internal tooling priorities, or meet compliance requirements.