create_xref_whitelist {rosv}    R Documentation
Cross reference a whitelist of packages to a vulnerability database
Description
Search for package names for vulnerability information and selectively drop packages or define specific versions that should not be used in a curated repository.
Usage
create_xref_whitelist(packages, ecosystem, output_format = NULL)
Arguments
packages: Character vector of package names.
ecosystem: Character vector of ecosystem(s) within which the package(s) exist.
output_format: Type of output to create (default is
Details
Note that some version suffixes may have compatibility issues. For example, the use of *-git as a suffix may not be recognized and may need to be dropped. For more details on PyPI package version naming see https://peps.python.org/pep-0440/.
Due to variations in formatting in OSV API responses, not all responses have associated versions; those responses are not directly compatible with this function.
Although the default output is a data.frame, for PyPI packages a requirements.txt format can be created that defines which versions should not be allowed based upon the cross-referencing performed. This can be useful when curating repositories in Posit Package Manager.
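As an added example that is not part of the rosv package or its documentation: the cross-referencing described above ends in a requirements.txt whose `!=` specifiers exclude affected versions, and, as noted, versions with a suffix that is not valid PEP 440 (such as `-git`) have to be dropped before pip or Posit Package Manager will accept the line. The Python below (chosen because the output is consumed by pip-style tooling) uses a constructed, hypothetical set of affected versions standing in for an OSV response, builds the exclusion lines, reports the versions it had to drop, and checks a candidate version against a line. The package names and version numbers are made up for illustration; the `AFFECTED` mapping and all function names are assumptions of this example.

```python
"""Build and check requirements.txt exclusion lines from affected-version data."""
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# Constructed sample (NOT a real OSV response): package -> versions reported as affected.
# "2021.10.0-git" carries a suffix that PEP 440 does not recognise and must be dropped.
AFFECTED: Dict[str, List[str]] = {
    "dask": ["2021.9.1", "2021.10.0", "2021.10.0-git"],
    "keras": ["2.6.0rc1", "2.6.0"],
    "aiohttp": [],  # hypothetical: no affected versions reported
}

# Simplified form of the PEP 440 public-version grammar (appendix B of the PEP).
PEP440 = re.compile(
    r"""^
    (?:(?P<epoch>[0-9]+)!)?
    (?P<release>[0-9]+(?:\.[0-9]+)*)
    (?P<pre>[-_.]?(?:a|b|c|rc|alpha|beta|pre|preview)[-_.]?[0-9]*)?
    (?P<post>(?:-[0-9]+)|(?:[-_.]?(?:post|rev|r)[-_.]?[0-9]*))?
    (?P<dev>[-_.]?dev[-_.]?[0-9]*)?
    (?P<local>\+[a-z0-9]+(?:[-_.][a-z0-9]+)*)?
    $""",
    re.VERBOSE | re.IGNORECASE,
)


def is_pep440(version: str) -> bool:
    """True when the string parses as a PEP 440 version (so pip will accept it)."""
    return PEP440.match(version.strip()) is not None


def exclusion_lines(affected: Dict[str, List[str]]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Produce one requirements.txt line per package, e.g. `dask!=2021.9.1,!=2021.10.0`.

    Versions that are not valid PEP 440 are left out of the line and returned in
    `dropped` so the curator can review them instead of silently losing them.
    """
    lines: List[str] = []
    dropped: List[Tuple[str, str]] = []
    for pkg, versions in sorted(affected.items()):
        keep = []
        for v in versions:
            if is_pep440(v):
                keep.append(v)
            else:
                dropped.append((pkg, v))
        # A bare name means "allowed, no version excluded"; otherwise join the specifiers.
        lines.append(pkg + ",".join("!=" + v for v in keep))
    return lines, dropped


def parse_requirement(line: str) -> Tuple[str, set]:
    """Split `name!=a,!=b` into the package name and the set of excluded versions."""
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(.*)$", line.strip())
    if m is None:
        raise ValueError(f"not a requirement line: {line!r}")
    name, spec = m.group(1), m.group(2)
    excluded = {s.strip()[2:] for s in spec.split(",") if s.strip().startswith("!=")}
    return name, excluded


def is_allowed(line: str, candidate: str) -> bool:
    """Check a candidate version against the `!=` exclusions of one requirement line.

    Exact string comparison is used here; a production check should compare
    normalised versions (e.g. with packaging.specifiers) so that 2.6.0rc1 and
    2.6.0-rc1 are treated as the same release.
    """
    _, excluded = parse_requirement(line)
    return candidate.strip() not in excluded


if __name__ == "__main__":
    lines, dropped = exclusion_lines(AFFECTED)
    print("\n".join(lines))
    for pkg, v in dropped:
        print(f"# dropped {pkg} {v}: not a valid PEP 440 version")
```

Running the module prints the three requirement lines followed by a comment recording that `dask 2021.10.0-git` was dropped; the dropped list is the part a curator should inspect by hand, since an unrecognised suffix usually means the OSV entry refers to a version pip would never resolve anyway.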
Value
A data.frame or character vector containing cross-referenced packages.
See Also
Examples
# Return xref dataset for CRAN package selection
cran_pkg <- c('readxl', 'dplyr')
cran_xref <- create_xref_whitelist(cran_pkg, ecosystem = 'CRAN')
# Create a requirements.txt with excluded versions
python_pkgs <- c('dask', 'aaiohttp', 'keras')
xref_pkg_list <- create_xref_whitelist(python_pkgs,
                                       ecosystem = 'PyPI',
                                       output_format = 'requirements.txt')
file_name <- file.path(tempdir(), 'requirements.txt')
writeLines(xref_pkg_list, file_name)
# Clean up
try(unlink(file_name))