Visualising R Package Risk Assessments using Litmus

A few years ago, we started working with a global pharma company who brought us a particularly thorny challenge. They wanted to use R for FDA submissions—but every package they introduced had to pass through a slow, resource-intensive process to be risk assessed and approved. They’re sadly unable to be gung-ho about what R tooling they use, needing instead to be thoughtful and meticulous, considering the statistical rigour, reproducibility, stability and security before including the tools in their production environment. In practice, this meant that it would take up to two years for them to be able to approve a new R package for use. Ouch.
After performing an audit of their process, we identified a few areas where we could create efficiencies. Our goal: automate everything that could be automated, reducing the manual burden on reviewers while improving consistency and traceability. Development began in earnest last year, and the result is the Litmusverse?, a suite of R packages that allows us to risk assess your R package collection, report on the findings and rescue high-risk packages that are business critical.
Everything then packaged into one easy to use application
Does your package pass the {litmus} test?
What is the Litmusverse? {litmus} grabs your R package metadata and generates valuable quality insights. {litmus.score} transforms these outputs into targeted quality scores—code, documentation, popularity, maintenance—plus an overall package rating. {litmus.report} delivers this intelligence in PDFs for permanent records. {litmus.dashboard} offers a comprehensive overview, empowering R library managers with better decision-making tools and streamlined record-keeping.
Our approach is agnostic regarding the package source - it doesn’t matter if your package is hosted on CRAN, BioConductor or an internal repository. We can risk assess and remediate it all the same. You can read more about our approach to risk assessment in a recent blog post.
Our aim is to help clients curate a risk-assessed collection of packages, to continue driving innovation using R. Keep an eye out for upcoming blogposts outlining the details of our approach. In the meantime…
Give our dashboard a spin!
We have prepared a Shiny app that allows you to interact with a collection of packages that we have assessed and scored, using {litmus} tools and our new scoring strategy. We’ll be publishing more details about our approach to scoring in the coming weeks. In the app, you will be able to assess the high-level qualities of a package collection, including the distribution of scores:

If you click on ‘Package List’ you’ll be able to see the collection’s metrics in a detailed, sortable table:

If you click on an individual row in this table, it will take you through to a detailed breakdown for the individual package, providing an overview of its score within the collection:

You can also drill down into a visual representation of each feature within the context of the collection of packages:

Ready to put your packages to the test?
The free version of our app allows you to view a subset of CRAN packages. If you are keen to unlock the full potential of Litmus, i.e. customise the package list that is displayed, include your own internally developed packages or non-CRAN packages, record decisions about including a package in your environment, retrieve PDF reports for long-term storage, and remediate business critical packages, we’re ready to help.
Get in touch with us to discuss how we can help you curate a robust R ecosystem using the Litmusverse. As official Posit partners, we are also at the ready to assist you with setting up your ideal R Development environment. For more information about our other Data Science and Data Engineering services, please visit the Jumping Rivers website.
To find out more about how we can facilitate your organisation’s adoption of open-source, please contact us. Contact Us
