Interesting. That would also mean that putting a company repo first does
not protect against dependency confusion attacks (people intentionally
uploading packages with the same name as company internal packages on
CRAN;
On 1 April 2024 at 17:44, Uwe Ligges wrote:
| Untested:
|
| install.packages() calls available.packages() to find out which packages
| are available - and passes a "filters" argument if supplied.
| That can be a user defined filter. It should be possible to write a user
| defined filter which
Jan,
Thats only the case if you want to allow later version numbers to override
the versions in the internal repository, the "known-good" is more important
than "latest" point above.
Having a defined set of dependencies while still maintaining currency is a
difficult problem. Always fetching
On 02.04.2024 14:07, Dirk Eddelbuettel wrote:
On 1 April 2024 at 17:44, Uwe Ligges wrote:
| Untested:
|
| install.packages() calls available.packages() to find out which packages
| are available - and passes a "filters" argument if supplied.
| That can be a user defined filter. It should be
If your company is going to ensure that a package called pkgCompany is
only looked for in a local repo by installl.packages() and friends,
I think in your cpmpany wide R installation you can set the option
"available_packages_filters" to a self written one that is exclusively
reporting results
