Open paulie-of-punskas opened 12 months ago
The results should not be equal. As to which to use, that is up to you and your use case.
1) Not all assessments/metrics are available for all ref sources, this is by design, as not all info is available for all sources (e.g. unit tests are not available for installed packages so there is no way to run code coverage for an installed package). That said, we are working toward implementing as many assessments/metrics for as many sources as possible as we mature the package. We are even discussing/designing chaining sources together to create as complete a score as possible.
2) There are small discrepancies in scores when computing from different sources. So far these have been negligible, so we have backlogged this issue for now. Between source code and installation there are some things R does to "compile" the package that I haven't yet fully investigated.
Hello. I have noticed that running pkg_score() returns different results when run for pkg_source() and pkg_install(). I tested them with riskmetric 0.2.3, on askpass 1.1, dplyr 1.0.5 and openssl 1.4.3 packages. Shouldn't the results be equal? If not, which reference should be used for assessing package risk?
Reproducible code:
Below you can see the differences in metrics:
Thanks and greetings.