[Rd] Restrict package to load-only access - prevent attempts to attach it
Henrik Bengtsson
henr|k@bengt@@on @end|ng |rom gm@||@com
Fri Jul 17 22:56:03 CEST 2020
Thanks. Though, AFAIU, that addresses another use case/need.
I want reverse package dependencies to be able to import functions
from my package using standard R namespace mechanisms, e.g. import()
and importFrom(). The only thing I want to prevent is relying on it
being *attached* to the search() path and access functions that way.
So, basically, all usage should be via import(), importFrom()
NAMESPACE statements or pkg::fcn() calls. All for the purpose of
avoiding the package being used outside of other packages.
I've got a few suggestions offline in addition to the above comments
including allowing the package to be attached but having .onAttach()
wipe the attached environment so it effectively adds zero objects to
the search() path. This is a non-critical feature for me but
nevertheless an interesting one.
/Henrik
On Fri, Jul 17, 2020 at 1:01 PM Iñaki Ucar <iucar using fedoraproject.org> wrote:
>
> Hi Henrik,
>
> A bit late, but you can take a look at smbache's {import} package [1]
> in case you didn't know it. I believe it does what you are describing.
>
> [1] https://github.com/smbache/import
>
> Iñaki
>
> On Tue, 23 Jun 2020 at 22:21, Henrik Bengtsson
> <henrik.bengtsson using gmail.com> wrote:
> >
> > Hi,
> >
> > I'm developing a package whose API is only meant to be used in other
> > packages via imports or pkg::foo(). There should be no need to attach
> > this package so that its API appears on the search() path. As a
> > maintainer, I want to avoid having it appear in search() conflicts by
> > mistake.
> >
> > This means that, for instance, other packages should declare this
> > package under 'Imports' or 'Suggests' but never under 'Depends'. I
> > can document this and hope that's how it's going to be used. But, I'd
> > like to make it explicit that this API should be used via imports or
> > ::. One approach I've considered is:
> >
> > .onAttach <- function(libname, pkgname) {
> > if (nzchar(Sys.getenv("R_CMD"))) return()
> > stop("Package ", sQuote(pkgname), " must not be attached")
> > }
> >
> > This would produce an error if the package is attached. It's
> > conditioned on the environment variable 'R_CMD' set by R itself
> > whenever 'R CMD ...' runs. This is done to avoid errors in 'R CMD
> > INSTALL' and 'R CMD check' "load tests", which formally are *attach*
> > tests. The above approach passes all the tests and checks I'm aware
> > of and on all platforms.
> >
> > Before I ping the CRAN team explicitly, does anyone know whether this
> > is a valid approach? Do you know if there are alternatives for
> > asserting that a package is never attached. Maybe this is more
> > philosophical where the package "contract" is such that all packages
> > should be attachable and, if not, then it's not a valid R package.
> >
> > This is a non-critical topic but if it can be done it would be useful.
> >
> > Thanks,
> >
> > Henrik
> >
> > ______________________________________________
> > R-devel using r-project.org mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
>
>
>
> --
> Iñaki Úcar
More information about the R-devel
mailing list