Search the OSS Index for known package vulnerabilities in any of the supported ecosystems, e.g. CRAN, PyPI, Conda, NPM, Maven. See https://ossindex.sonatype.org/ecosystems for the full list.

audit(pkg, version, type, verbose = TRUE)

Arguments

pkg

A vector of package names to search in the OSS Index.

version

The specific package version to search for. By default, all known versions are searched. If not *, it must be the same length as pkg.

type

The package management environment. For R packages, use "cran", which is the default. See https://ossindex.sonatype.org/ecosystems.

verbose

Default TRUE.

Examples

# \donttest{
pkg = c("abind", "acepack")
version = c("1.4-5", "1.4.1")
audit(pkg, version, type = "cran")
#> Using cached results for 0 packages
#>
#> ── Calling sonatype API: https://www.sonatype.com/ ──
#>
#> → No Sonatype tokens found
#> Calling API: batch 1 of 1
#>
#> ── Vulnerability overview ──
#>
#> 2 packages were scanned
#> 0 packages had known vulnerabilities
#> A total of 0 known vulnerabilities were identified
#> See https://github.com/sonatype-nexus-community/oysteR/ for details.
#> # A tibble: 2 x 8
#>   package version type  oss_package  description    reference    vulnerabilities
#>   <chr>   <chr>   <chr> <chr>        <chr>          <chr>        <list>
#> 1 abind   1.4-5   cran  pkg:cran/ab… "abind: Comb…  https://oss… <list [0]>
#> 2 acepack 1.4.1   cran  pkg:cran/ac… "acepack: AC… https://oss… <list [0]>
#> # … with 1 more variable: no_of_vulnerabilities <int>
# }
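
One way to turn the result into a build gate, as an added example that is not part of the oysteR documentation: it audits the installed packages at their installed versions and keeps the rows with a non-zero no_of_vulnerabilities. The helper names vulnerable_rows and audit_library, the --audit switch, the exit status and the sample data frame are assumptions; the column names are those printed in the output above.

```r
# Rows of an audit() result that report at least one known vulnerability.
# Column names are the ones printed in the example output on this page.
vulnerable_rows <- function(res) {
  hit <- !is.na(res$no_of_vulnerabilities) & res$no_of_vulnerabilities > 0
  res[hit, c("package", "version", "reference", "no_of_vulnerabilities")]
}

# Audit installed packages pinned to their installed versions, so findings
# refer to the code that actually runs rather than to any published version.
# Hypothetical helper; lib = NULL means every library on .libPaths().
audit_library <- function(lib = NULL) {
  ip <- installed.packages(lib.loc = lib)
  # Base packages ship with R itself and are not separate CRAN releases.
  ip <- ip[is.na(ip[, "Priority"]) | ip[, "Priority"] != "base", , drop = FALSE]
  # A package present in several libraries: the first copy is the one loaded.
  ip <- ip[!duplicated(ip[, "Package"]), , drop = FALSE]
  # version must be the same length as pkg: one version per package name.
  # type = "cran" assumes the packages were installed from CRAN.
  oysteR::audit(pkg = unname(ip[, "Package"]),
                version = unname(ip[, "Version"]),
                type = "cran", verbose = FALSE)
}

# Constructed sample shaped like an audit() result (not real findings),
# used to check the filter without calling the API.
sample_res <- data.frame(
  package = c("abind", "examplepkg"),
  version = c("1.4-5", "0.0.1"),
  reference = c("https://example.invalid/abind",
                "https://example.invalid/examplepkg"),
  no_of_vulnerabilities = c(0L, 2L),
  stringsAsFactors = FALSE
)
stopifnot(identical(vulnerable_rows(sample_res)$package, "examplepkg"))

# In CI, run the script with the assumed --audit switch
# (needs network access to the OSS Index API).
if ("--audit" %in% commandArgs(trailingOnly = TRUE)) {
  findings <- vulnerable_rows(audit_library())
  if (nrow(findings) > 0) {
    print(findings)
    quit(status = 1)  # non-zero exit fails the job
  }
}
```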