search

pharmaR / riskmetric

Metrics to evaluate the risk of R packages
https://pharmar.github.io/riskmetric/
Other
159 stars 30 forks source link

New metric: The size of a whole dependency tree #309

Open pawelru opened 1 year ago

pawelru commented 1 year ago

I think that the size of the whole dependency tree should be used instead of number of directly dependent packages as it truly reflects how dependent your package is. Also, this should not account base (and recommended?) packages - e.g. a foo package that depends on some unknown bar package only is more risker than baz package that depends on e.g. methods, tools and utils.

some code snipped that you might find useful

library(magrittr)

x <- pkgdepends::new_pkg_deps("dplyr")
x$resolve()
#> ℹ Loading metadata database
#> ✔ Loading metadata database ... done
#> 
x$get_resolution()
#> # A data frame: 32 × 30
#>    ref    type  direct directpkg status package version license needscompilation
#>    <chr>  <chr> <lgl>  <lgl>     <chr>  <chr>   <chr>   <chr>   <lgl>           
#>  1 R6     stan… FALSE  FALSE     OK     R6      2.5.1   MIT + … FALSE           
#>  2 cli    stan… FALSE  FALSE     OK     cli     3.6.1   MIT + … FALSE           
#>  3 dplyr  stan… TRUE   TRUE      OK     dplyr   1.1.2   MIT + … FALSE           
#>  4 fansi  stan… FALSE  FALSE     OK     fansi   1.0.4   GPL-2 … FALSE           
#>  5 gener… stan… FALSE  FALSE     OK     generi… 0.1.3   MIT + … FALSE           
#>  6 glue   stan… FALSE  FALSE     OK     glue    1.6.2   MIT + … FALSE           
#>  7 lifec… stan… FALSE  FALSE     OK     lifecy… 1.0.3   MIT + … FALSE           
#>  8 magri… stan… FALSE  FALSE     OK     magrit… 2.0.3   MIT + … FALSE           
#>  9 pillar stan… FALSE  FALSE     OK     pillar  1.9.0   MIT + … FALSE           
#> 10 pkgco… stan… FALSE  FALSE     OK     pkgcon… 2.0.3   MIT + … FALSE           
#> # ℹ 22 more rows
#> # ℹ 21 more variables: priority <chr>, md5sum <chr>, sha256 <chr>,
#> #   filesize <int>, built <chr>, platform <chr>, rversion <chr>,
#> #   repotype <chr>, repodir <chr>, target <chr>, deps <list>, mirror <chr>,
#> #   sources <list>, remote <list>, error <list>, metadata <list>, extra <list>,
#> #   dep_types <list>, params <list>, sysreqs <chr>, cache_status <chr>

base_pkgs <- rownames(utils::installed.packages(priority = "high"))

x$get_resolution() %>%
    dplyr::filter(!(package %in% base_pkgs)) %>%
    dplyr::distinct(package) %>%
    dplyr::count() %>%
    dplyr::pull()
#> [1] 16

Created on 2023-08-16 with reprex v2.0.2