{"id":11648,"date":"2018-11-14T08:47:47","date_gmt":"2018-11-14T13:47:47","guid":{"rendered":"https:\/\/rud.is\/b\/?p=11648"},"modified":"2018-11-14T08:47:47","modified_gmt":"2018-11-14T13:47:47","slug":"use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/","title":{"rendered":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe"},"content":{"rendered":"

Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service<\/a> which will scan repositories for outdated+vulnerable dependencies.<\/p>\n

Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration recipes are community<\/em> maintained vs a first-class\/supported offering). This also means that GitHub’s service will never check for nor alert when a pure R package has security issues, mostly due to the fact that there’s only a teensy few of us who even bother to check packages for issues once in a while and there’s no real way to report said issues into the CVE process easily (though I guess<\/em> I could given that my $DAYJOB is an official CVE issuer), so the integrity & safety of the R package ecosystem is still in the “trust me, everything’s ?!!”<\/em> state. Given that, any extra way to keep even some<\/em> R packages less insecure is great.<\/p>\n

So, right now you’re thinking “you click-baited us with a title that your lede just said isn’t possible…WTHeck?!<\/em>.<\/p>\n

It’s true that GitHub does not consider R a first-class citizen, but<\/em> it does support Java and:<\/p>\n

    available.packages() %>% \n      dplyr::as_data_frame() %>% \n      tidyr::separate_rows(Imports, sep=\",[[:space:]]*\") %>% # we really just\n      tidyr::separate_rows(Depends, sep=\",[[:space:]]*\") %>% # need these two\n      tidyr::separate_rows(Suggests, sep=\",[[:space:]]*\") %>%\n      tidyr::separate_rows(Enhances, sep=\",[[:space:]]*\") %>%\n      dplyr::select(Package, Imports, Depends) %>% \n      filter(\n        grepl(\"rJava\", Imports) | grepl(\"rJava\", \"Depends\") | \n          grepl(\"Suggests\", Imports) | grepl(\"Enhances\", \"Depends\")\n      ) %>% \n      dplyr::distinct(Package) %>% \n      dplyr::summarise(total_pkgs_using_rjava = n())\n    ## # A tibble: 1 x 1\n    ##   total_pkgs_using_rjava\n    ##                    <int>\n    ## 1                     66\n<\/code><\/pre>\n
according to \u261d there are 66 CRAN packages that require rJava<\/code>, seven of which explicitly provide only JARs (a compressed directory tree of supporting Java classes). There are more CRAN-unpublished rJava<\/code>-based projects on GitLab & GitHub, but it’s likely that public-facing rJava<\/code> packages that include or depend on public JAR-dependent projects still number less than ~200. Given the now >13K packages in CRAN, this is a tiny subset but with the sorry state of R security, anything is better than nothing.<\/p>\n
Having said that, one big reason (IMO) for the lack of Java-wrapped CRAN or “devtools”-only released rJava<\/code>-dependent packages it that it’s 2018 and you still have better odds of winning a Vegas-jackpot than you do getting rJava<\/code> to work on your workstation in less than 4 tries and especially after an OS upgrade. That’s sad<\/em> since there are many wonderful, solid and useful Java libraries that would be super-handy for many workflows yet most of us (I’m including myself) package-writers prefer to spin wheels to get C++ or Rust libraries working with R than try to make it easier for regular R users to tap into that rich Java ecosystem.<\/p>\n
But, I digress.<\/p>\n
For the handful of us that do write and use rJava<\/code>-based packages, we can better serve our userbase by deliberately putting those R+Java repos on GitHub. Now, I hear you. They’re evil and by doing this one of the most evil corporations on the planet can make money with your metadata (and, possibly just blatantly steal your code for use in-product without credit) but I’ll give that up on a case-by-case basis to make it easier to keep users safe.<\/p>\n
Why will this enhance safety? Go take a look at one of my non-CRAN rJava<\/code>-backed packages: pdfbox<\/code>?<\/a>. It has this awesome<\/em> “in-your-face” security warning banner:<\/p>\n
\"\"<\/a><\/p>\n
The vulnerability is CVE-2018-11797 which is baseline computed to be “high severity” with a the following specific weakness: In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.<\/em>. So, it’s a process denial of service vulnerability. You’ll also note I haven’t updated the JARs yet (mostly since it’s not a code-execution vulnerability).<\/p>\n
I knew about this 28 days ago (I’ve been incredibly busy and there’s alot of blather required to talk about it, hence the delay in blogging) thanks to the GitHub service and will resolve it when I get some free time over the Thanksgiving break. I received an alert for this, there are hooks<\/a> for security alerts (so one can auto-create an issue) and there’s a warning for users and any of them could file an issue to let me know it’s super-important to them that I get it fixed (or they could be super-awesome and file a PR :-).<\/p>\n
FIN<\/h3>\n
The TLDR is (first) a note — to package authors — who use rJava<\/code> to bite the GitHub bullet and take advantage of this free service; and, (second) — to users — to encourage use of this service by authors of packages you use and to keep a watchful eye out for any security alerts for code you depend on to get things done.<\/p>\n
A (perhaps) third and final note is for all of us to be to continually mindful about the safety & integrity of the R package ecosystem and do what we can to keep moving it forward.<\/p>\n","protected":false},"excerpt":{"rendered":"
Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service which will scan repositories for outdated+vulnerable dependencies. Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration […]<\/p>\n","protected":false},"author":1,"featured_media":11650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[681,91],"tags":[],"class_list":["post-11648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-r"],"yoast_head":"\nUse GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is\" \/>\n<meta property=\"og:description\" content=\"Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service which will scan repositories for outdated+vulnerable dependencies. Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-14T13:47:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"2028\" \/>\n\t<meta property=\"og:image:height\" content=\"716\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe\",\"datePublished\":\"2018-11-14T13:47:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/\"},\"wordCount\":800,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1\",\"articleSection\":[\"Cybersecurity\",\"R\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/\",\"name\":\"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1\",\"datePublished\":\"2018-11-14T13:47:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1\",\"width\":2028,\"height\":716},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2018\\\/11\\\/14\\\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/","og_locale":"en_US","og_type":"article","og_title":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is","og_description":"Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service which will scan repositories for outdated+vulnerable dependencies. Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration […]","og_url":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/","og_site_name":"rud.is","article_published_time":"2018-11-14T13:47:47+00:00","og_image":[{"width":2028,"height":716,"url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","type":"image\/png"}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe","datePublished":"2018-11-14T13:47:47+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/"},"wordCount":800,"commentCount":2,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","articleSection":["Cybersecurity","R"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/","url":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/","name":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","datePublished":"2018-11-14T13:47:47+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","width":2028,"height":716},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2018\/11\/14\/use-github-vulnerability-alerts-to-keep-users-of-your-r-packages-safe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/11\/Screen-Shot-2018-11-14-at-08.43.14.png?fit=2028%2C716&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p23idr-31S","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":4547,"url":"https:\/\/rud.is\/b\/2016\/07\/24\/mid-year-r-packages-update-summary\/","url_meta":{"origin":11648,"position":0},"title":"Mid-year R Packages Update Summary","author":"hrbrmstr","date":"2016-07-24","format":false,"excerpt":"I been updating some existing packages and github-releasing new ones (before a CRAN push). Most are \"cyber\"-related, but there are some general purpose ones. Here's a quick overview: docxtractr (CRAN, now, v0.2.0) was initially designed to make it easy to get data tables out of MS Word (docx) documents. The\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4515,"url":"https:\/\/rud.is\/b\/2016\/07\/10\/cran-packages-on-github-and-some-cran-description-observations\/","url_meta":{"origin":11648,"position":1},"title":"CRAN Packages on GitHub (and some CRAN DESCRIPTION observations)","author":"hrbrmstr","date":"2016-07-10","format":false,"excerpt":"Just about a week ago @thosjleeper posited something on twitter w\/r\/t how many CRAN packages had associations with GitHub (i.e. how many used GitHub for development). The `DESCRIPTION` file (that comes with all R packages) has some fields that can house this information and most folks who do use GitHub\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3642,"url":"https:\/\/rud.is\/b\/2015\/08\/24\/new-pacakge-docxtractr-easily-extract-tables-from-microsoft-word-docs\/","url_meta":{"origin":11648,"position":2},"title":"New Pacakge “docxtractr” – Easily Extract Tables From Microsoft Word Docs","author":"hrbrmstr","date":"2015-08-24","format":false,"excerpt":"UPDATE: `docxtractr` is now [on CRAN](https:\/\/cran.rstudio.com\/web\/packages\/docxtractr\/index.html) --------------------- This is more of a follow-up from [yesterday's post](http:\/\/rud.is\/b\/2015\/08\/23\/using-r-to-get-data-out-of-word-docs\/). The hack and function in said post was fine, but it was limited to uniform tables and made you do more work than you had to. So, there's now a `devtools`-installable package [on github](https:\/\/github.com\/hrbrmstr\/docxtractr)\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8230,"url":"https:\/\/rud.is\/b\/2018\/02\/16\/pym-js-library-vulnerability-in-widgetframe-package\/","url_meta":{"origin":11648,"position":3},"title":"Pym.js Library Vulnerability in widgetframe Package","author":"hrbrmstr","date":"2018-02-16","format":false,"excerpt":"What's Up? The NPR Visuals Team created and maintains a javascript library that makes it super easy to embed iframes on web pages and have said documents still be responsive. The widgetframe R htmlwidget uses pym.js to bring this (much needed) functionality into widgets and (eventually) shiny apps. NPR reported\u2026","rel":"","context":"In "Cybersecurity"","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3460,"url":"https:\/\/rud.is\/b\/2015\/06\/15\/metricsgraphics-0-8-5-is-now-on-cran\/","url_meta":{"origin":11648,"position":4},"title":"metricsgraphics 0.8.5 is now on CRAN!","author":"hrbrmstr","date":"2015-06-15","format":false,"excerpt":"I'm super-pleased to announce that the Benevolent CRAN Overlords [accepted the metricsgraphics package](http:\/\/cran.r-project.org\/web\/packages\/metricsgraphics\/index.html) into CRAN over the weekend. Now, you no longer need to rely on github\/devtools to use [MetricsGraphics.js](http:\/\/metricsgraphicsjs.org\/) charts from your R scripts. If you're not familiar with `htmlwidgets`, take a look at [the official site for them](http:\/\/www.htmlwidgets.org\/).\u2026","rel":"","context":"In "d3"","block_context":{"text":"d3","link":"https:\/\/rud.is\/b\/category\/d3\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3482,"url":"https:\/\/rud.is\/b\/2015\/06\/29\/get-by-with-a-little-r-help-from-your-friends-at-github\/","url_meta":{"origin":11648,"position":5},"title":"Get by with a little (R) help from your friends (at GitHub)","author":"hrbrmstr","date":"2015-06-29","format":false,"excerpt":"@JennyBryan posted her [slides from the 2015 R Summit](https:\/\/github.com\/jennybc\/2015-06-28_r-summit-talk) and they are a must-read for instructors and even general stats\/R-folk. She's one of the foremost experts in R+GitHub and her personal and class workflows provide solid patterns worth emulation. One thing she has mentioned a few times\u2014and included in her\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/11648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=11648"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/11648\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media\/11650"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=11648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=11648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=11648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}