Speaking to Colin Gillespie of Jumping Rivers at R Dev Day at Imperial: we may want to consider string similarity for flagging packages for manual review. Potential for malicious packages registered with similar names, e.g. lubidate. Then if the package is not found on CRAN, it hits our repo and can install something malicious. From his experience of PyPI.
We could have the bot check how similar a contributed package name is to the names of packages already registered. ChatGPT suggests packages stringiest, RecordLinkage, and fuzzyjoin, among others. I think we would want to avoid false positives, especially in the presence of many packages. (Could test with the names of CRAN packages.)
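One way to prototype the check discussed above, as an added example (not code from this thread, from r-universe, or from any of the R packages named). It uses optimal string alignment distance (Levenshtein plus adjacent transpositions), so it catches a dropped letter like lubidate as well as swapped letters and separator tricks such as data_table, which goes beyond the single example in the thread. The registered-name list is a constructed stand-in for the CRAN index, and the thresholds (edit budget, minimum length) are assumptions to be tuned by running false_positive_rate() over the real CRAN names.

```python
"""Typosquat screening for contributed package names (added example).

Assumes the bot has a list of already-registered names; REGISTERED below is
a constructed stand-in for the CRAN index, not real registry data.
"""
from dataclasses import dataclass

# Constructed sample of registered names (stand-in for the CRAN index).
REGISTERED = [
    "lubridate", "stringr", "stringi", "stringdist", "dplyr", "ggplot2",
    "data.table", "jsonlite", "httr", "httr2", "xml2", "purrr", "tibble",
    "readr", "magrittr", "rlang", "testthat", "knitr", "shiny", "plyr",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance.

    Counts insertions, deletions, substitutions and adjacent transpositions,
    so 'lubidate' (dropped r) and 'lubirdate' (swapped letters) both score 1.
    """
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[la][lb]


def normalize(name: str) -> str:
    """Fold case and drop separators so 'data.table' and 'data_table' collide."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


@dataclass(frozen=True)
class Match:
    candidate: str
    existing: str
    distance: int


def find_lookalikes(candidate, registered, max_distance=1, min_len=5):
    """Return registered names within an edit budget of the candidate.

    False-positive controls (thresholds are assumptions, tune on real data):
    - an exact normalized match is not a lookalike (that is a name collision,
      handled separately by the registry);
    - very short names are skipped: one edit between 4-letter names is usually
      a legitimately different package (plyr vs dplyr);
    - the edit budget grows by one for names longer than 8 characters.
    """
    cand = normalize(candidate)
    hits = []
    for existing in registered:
        ex = normalize(existing)
        shortest = min(len(cand), len(ex))
        if cand == ex or shortest < min_len:
            continue
        budget = max_distance + (1 if shortest > 8 else 0)
        dist = osa_distance(cand, ex)
        if dist <= budget:
            hits.append(Match(candidate, existing, dist))
    return sorted(hits, key=lambda m: (m.distance, m.existing))


def false_positive_rate(registered, **kw) -> float:
    """Fraction of registered names that would flag another registered name.

    Running this over the real CRAN list shows how noisy a threshold is before
    the bot starts sending reviewers alerts.
    """
    flagged = sum(1 for n in registered if find_lookalikes(n, registered, **kw))
    return flagged / len(registered)


if __name__ == "__main__":
    for name in ("lubidate", "lubirdate", "data_table", "stringr"):
        print(name, [(m.existing, m.distance) for m in find_lookalikes(name, REGISTERED)])
    print("false-positive rate on sample:", false_positive_rate(REGISTERED))
```

On the constructed list, stringr and stringi flag each other, which is exactly the kind of legitimate near-duplicate the thread worries about; the rate returned by false_positive_rate is the number to watch when tuning the budget against the full CRAN index.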