pkg_score() results differs for pkg_install() and pkg_source() #315

Open
paulie-of-punskas opened this issue Oct 4, 2023 · 1 comment
Collaborator

paulie-of-punskas commented Oct 4, 2023

Hello. I have noticed that running pkg_score() returns different results when run for pkg_source() and pkg_install(). I tested them with riskmetric 0.2.3, on the askpass 1.1, dplyr 1.0.5 and openssl 1.4.3 packages. Shouldn't the results be equal? If not, which reference should be used for assessing package risk?

Reproducible code:

```r
# === load riskmetric library
library("riskmetric")
library("magrittr")

# === create testing environment
dir.create(paste0(tempdir(), "/test_riskmetric"))
dir.create(paste0(tempdir(), "/test_riskmetric/source"))
dir.create(paste0(tempdir(), "/test_riskmetric/library"))
dir.create(paste0(tempdir(), "/test_riskmetric/downloads"))

# === download and unpack files
pkgs <- c("askpass", "dplyr", "openssl")
download.packages(pkgs, destdir = paste0(tempdir(), "/test_riskmetric/downloads"))

lapply(list.files(paste0(tempdir(), "/test_riskmetric/downloads"), full.names = TRUE),
       untar,
       exdir = paste0(tempdir(), "/test_riskmetric/source"))

# === install packages
install.packages(pkgs, lib = paste0(tempdir(), "/test_riskmetric/library"))

# === get scores
dplyr_src <- pkg_ref(x = paste0(tempdir(), "/test_riskmetric/source/dplyr")) %>%
  pkg_assess(assessments = riskmetric::all_assessments()) %>%
  pkg_score() %>%
  unlist()

dplyr_lib <- pkg_ref(x = "dplyr", source = "pkg_install", lib.loc = paste0(tempdir(), "/test_riskmetric/library")) %>%
  pkg_assess(assessments = riskmetric::all_assessments()) %>%
  pkg_score() %>%
  unlist()
```

Below you can see the differences in metrics:
[image]

Thanks and greetings.

@emilliman5
Collaborator

The results should not be equal. As to which to use, that is up to you and your use case.

  1. Not all assessments/metrics are available for all ref sources. This is by design, as not all info is available for all sources (e.g. unit tests are not available for installed packages, so there is no way to run code coverage for an installed package). That said, we are working toward implementing as many assessments/metrics for as many sources as possible as we mature the package. We are even discussing/designing chaining sources together to create as complete a score as possible.

  2. There are small discrepancies in scores when computing from different sources. So far these have been negligible, so we have backlogged this issue for now. Between source code and installation there are some things R does to "compile" the package that I haven't yet fully investigated.
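The two kinds of difference described in this thread (metrics that exist for only one reference source, and metrics scored by both that disagree) can be told apart by aligning the two named score vectors by metric name. The following base R sketch is an added example, not code from the thread or from riskmetric; the score values are constructed, and it assumes a metric that cannot be scored for a source shows up as `NA` or is missing from the vector.

```r
# Constructed sample score vectors (not real riskmetric output).
# Assumption: NA marks a metric that could not be scored for that source.
src_scores <- c(covr_coverage = 0.85, has_news = 1, has_vignettes = 1,
                downloads_1yr = 0.98, license = NA)
lib_scores <- c(covr_coverage = NA, has_news = 1, has_vignettes = 0.9,
                downloads_1yr = 0.98, license = NA)

# Hypothetical helper: align two named score vectors and label each metric.
compare_scores <- function(a, b, tol = 1e-8) {
  metrics <- union(names(a), names(b))
  x <- unname(a[metrics])  # NA where the metric is absent from `a`
  y <- unname(b[metrics])  # NA where the metric is absent from `b`
  status <- ifelse(is.na(x) & is.na(y), "unavailable_in_both",
            ifelse(is.na(x), "only_in_second",
            ifelse(is.na(y), "only_in_first",
            ifelse(abs(x - y) <= tol, "equal", "differs"))))
  data.frame(metric = metrics, first = x, second = y,
             diff = x - y, status = status, stringsAsFactors = FALSE)
}

cmp <- compare_scores(src_scores, lib_scores)

# Show only the metrics that explain a gap between the two overall results.
print(cmp[cmp$status != "equal", ], row.names = FALSE)
```

With the vectors from the reproducible code above, the call would be `compare_scores(dplyr_src, dplyr_lib)`.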
