riskmetric is a collection of risk metrics to evaluate the quality of R packages.
This package is in experimentation. Final considerations about design are being considered, but core concepts are considered final.
The risk of using an R package is evaluated based on a number of metrics meant to evaluate development best practices, code documentation, community engagement and development sustainability. We hope to provide a framework to quantify risk by assessing these metrics. This package serves as a starting point for exploring the heterogeneity of code quality, and begin a broader conversation about the validation of R packages. Primarily, this effort aims to provide some context for validation within regulated industries.
We separate three steps in the workflow to assess the risk of an R package using
The results will be assembled in a dataset of validation criteria containing an overall risk score for each package as shown in the example below.
riskmetric is not yet on CRAN. Until it is, install it using
Scrape metadata locally or remotely, then assess that metadata and score it to estimate risk. For each package, derive a composite measure of risk, or a collection of individual scores which can be easily used to generate validation reports.
We have a bi-weekly sprint meeting for developers to discuss the progress.
email@example.com be added to the meeting.
riskmetric is centrally a community project. Comfort with a quantification of risk comes via consensus, and for that this project is dependent on close community engagement. There are plenty of ways to help: