Address CRAN issues (#16)

Relatively minor tweaks:

 * Use donttest in examples
 * Clarify copyright
 * Minor clean up

.Rbuildignore

@@ -10,3 +10,5 @@
 ^\.lintr$
 ^\.travis\.yml$
 ^CONTRIBUTORS\.md$
+^docs/
+^\.idea

.gitignore

@@ -41,3 +41,9 @@ vignettes/*.pdf
 README.html
 .Rproj.user
 .DS_Store
+
+# IntelliJ IDEA project files
+.idea
+
+# ci config for local ci build
+.circleci/local-config.yml

DESCRIPTION

@@ -1,24 +1,31 @@
 Package: oysteR
-Title: Scans R Projects for Vulnerable Third Party Dependencies,
-    using Sonatype's OSS Index
-Version: 0.0.1
+Title: Scans R Projects for Vulnerable Third Party Dependencies
+Version: 0.0.3
 Authors@R: 
     c(person(given = "Jeffry",
              family = "Hesse",
-             role = c("aut", "cre"),
+             role = "aut",
              email = "[email protected]"),
       person(given = "Brittany",
              family = "Belle",
              role = "aut",
              email = "[email protected]"),
       person(given = "Colin",
              family = "Gillespie",
+             role = c("aut", "cre"),
+             email = "[email protected]",
+             comment = c(ORCID = "0000-0003-1787-0275")),
+      person(given = "Dan",
+             family = "Rollo",
              role = "aut",
-             email = "[email protected]"))
-Maintainer: Jeffry Hesse <[email protected]>
-Description: Collects your R dependencies, and scans them with
-    Sonatype's OSS Index, reporting back on any vulnerabilities that are
-    found.
+             email = "[email protected]"),
+      person(given = "Sonatype",
+             role = "cph"))
+Maintainer: Colin Gillespie <[email protected]>
+Description: Collects a list of your third party R packages, and
+    scans them with the 'OSS' Index provided by 'Sonatype', reporting back
+    on any vulnerabilities that are found in the third party packages you
+    use.
 License: Apache License 2.0 | file LICENSE
 URL: https://github.com/sonatype-nexus-community/oysteR
 BugReports: 

NEWS.md

@@ -0,0 +1,7 @@
+# oysteR 0.0.3
+  * CRAN release
+  * Use donttest in examples
+  * Fix "spelling" mistakes in DESCRIPTION
+
+# oysteR 0.0.1
+  * Initial version

R/audit_deps.R

@@ -15,6 +15,7 @@
 #' @importFrom tibble as_tibble tibble
 get_pkgs = function(pkgs = NULL) {
   if (is.null(pkgs)) {
+    cli::cli_alert_info("Calling {.pkg installed.packages()}, this may take time")
     pkgs = tibble::as_tibble(installed.packages()[, c(1, 3:4)])
     pkgs = pkgs[is.na(pkgs$Priority), c("Package", "Version")]
     colnames(pkgs) = c("package", "version")
@@ -50,13 +51,14 @@ get_purls = function(pkgs) {
 #' @return A tibble/data.frame.
 #' @export
 #' @examples
-#' \dontrun{
-#' # Use installed.packages()
-#' audit_deps()
+#' \donttest{
+#' # Audit installed packages
+#' # This calls installed.packages()
+#' # pkgs = audit_deps()
 #'
-#' # Pass your own packages
-#' pkgs = data.frame(Package = c("abind", "acepack"),
-#'                   Version = c("1.4-5", "1.4.1"))
+#' # Or pass your own packages
+#' pkgs = data.frame(package = c("abind", "acepack"),
+#'                   version = c("1.4-5", "1.4.1"))
 #' audit_deps(pkgs)
 #' }
 audit_deps = function(pkgs = NULL, verbose = TRUE) {
@@ -80,9 +82,15 @@ audit_deps = function(pkgs = NULL, verbose = TRUE) {
 #' @importFrom tidyr unnest
 #' @export
 #' @examples
-#' \dontrun{
-#' # Use installed.packages()
-#' deps = audit_deps()
+#' \donttest{
+#' # Audit installed packages
+#' # This calls installed.packages()
+#' # pkgs = audit_deps()
+#'
+#' # Or pass your own packages
+#' pkgs = data.frame(package = c("abind", "acepack"),
+#'                   version = c("1.4-5", "1.4.1"))
+#' deps = audit_deps(pkgs)
 #' get_vulnerabilities(deps)
 #' }
 get_vulnerabilities = function(audit) {

cran_comments.md

@@ -1,27 +1,41 @@
+## New Submission
+  * Previous submission v0.0.3 was rejected with comments (addressed below)
+  * Previous CRAN handler: Swetlana Herbrandt <[email protected]>
+
 ## Test environments
-* local OS X install, R version 3.6.1
-* CircleCI, linux, R version 3.6.1 (rocker/verse:3.6.1 image)
+  * local Ubuntu install, R version 4.0.0
+  * CircleCI, linux, R version 3.6.1 (rocker/verse:3.6.1 image)
+  * Travis & win-builder: R old, release, dev
 
 ## R CMD check results
-There were no ERRORs or WARNINGs. 
 
-There was 1 NOTE:
-* checking CRAN incoming feasibility ... NOTE
-Maintainer: ‘Jeffry Hesse <[email protected]>’
+There were no ERRORs or WARNINGs. 
+There was 1 NOTE on checking CRAN incoming feasibility
 
-New submission
+## Comments from previous submission
 
-## Win-buildr results
+> Thanks, please replace \dontrun{} by \donttest{} in your Rd-files.
 
-* checking CRAN incoming feasibility ... NOTE
-Maintainer: 'Jeffry Hesse <[email protected]>'
+Done
 
-New submission
+> You are using installed.packages():
+> "This needs to read several files per installed package, which will be
+> slow on Windows and on some network-mounted file systems.
+> It will be slow when thousands of packages are installed, so do not use
+> it to find out if a named package is installed (use find.package or
+> system.file) nor to find out if a package is usable (call
+> requireNamespace or require and check the return value) nor to find
+> details of a small number of packages (use packageDescription)."
+> [installed.packages() help page]
 
-Possibly mis-spelled words in DESCRIPTION:
+> Please fix and resubmit.
 
-  OSS (3:20, 20:16)
-  Sonatype's (3:9, 20:5)
+`installed.packages()` is core to this package's functionality - check the users 
+installed packages for vulnerabilities. We do __not__ use this to
+ * find out if a named package is installed, or
+ * find out if a package is usable, or
+ * find details of a small number of packages
 
-These are not typos, OSS is open source software (and the name of OSS Index), and Sonatype's
-is who built the application with the community.
+We use this function to obtain a list of all packages currently installed in order to check
+them for known vulnerabilities. When the function is called, we provide a message to the user
+stating this may take a while

docs/RELEASING.md

@@ -0,0 +1,43 @@
+Releasing
+=========
+
+The following steps were required to release using R Studio.
+
+1. From the R Studio `Build` menu, select `Install and Restart`.
+
+2. From the R Studio `Build` menu, select `Check Package`.
+
+
+The following steps were required to releash to CRAN using a Mac. (Currently using branch: `CRANTryTwo`)
+
+1. Install R.
+
+       brew install r
+
+2. Install tex tools. Note: Need to close and reopen terminal (and/or RStudio) to see `pdflatex` on the path.
+
+       brew cask install mactex
+       
+3. Install pandoc to check .md files.
+
+       brew install pandoc
+
+4. Install [RStudio](https://rstudio.com/products/rstudio/download/#download).
+
+5. Open [oysteR.Rproj](../oysterR.Rproj) in RStudio.
+
+6. Setup devtools.
+
+   In R Console tab, run: `install.packages("devtools")`
+
+7. Run R Command to build.
+
+       R CMD build .
+
+8. Run R Command to check.
+
+       R CMD check *tar.gz --as-cran
+
+
+After a successful build/check, submit the `oysteR_x.y.z.tar.gz` file to the [win-builder](https://win-builder.r-project.org/) project to verify it works on Windows. The [upload](https://win-builder.r-project.org/upload.aspx) page worked well for me. Submit the tar.gz to all three R versions: R-release, R-devel, R-oldrelease. (Give the Maintainer a heads up to watch for  results emails from these submissions.)
+