Projects that follow the best practices below can voluntarily self-certify and show that they have achieved a Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/5593"><img src="https://www.bestpractices.dev/projects/5593/badge"></a>
Build display tables from tabular data with an easy-to-use set of functions using the R package called gt. With its progressive approach, we can construct display tables with a cohesive set of table parts. Table values can be formatted using any of the included formatting functions. Footnotes and cell styles can be precisely added through a location targeting system. The way in which gt handles things for you means that you don't often have to worry about the fine details.
There are currently multiple authors involved in the project. See the DESCRIPTION file for the list of authors: https://github.com/rstudio/gt/blob/master/DESCRIPTION.
This does have a number (more than two) of unassociated significant contributors. This can be seen in the DESCRIPTION file: https://github.com/rstudio/gt/blob/master/DESCRIPTION.
There is a copyright statement at the top of each source file, identifying the copyright holder using the 'gt authors' grouping. An example can be found in this source file: https://github.com/rstudio/gt/blob/master/R/format_data.R
There is a license statement at the top of each source file. It links to a full copy of the license text. An example can be found in this source file: https://github.com/rstudio/gt/blob/master/R/format_data.R
Repository on GitHub, which uses git. git is distributed.
The project repository uses labels to mark issues and one of them is entitled 'Good First Issue'. This is well-recognized as a label that is used for smaller issues, those that can be reasonably worked on without knowing too much about the codebase. The label can be seen in the Labels view: https://github.com/rstudio/gt/labels
This project does use 2FA.
The 2FA does satisfy this requirement.
This is clearly stated in the CONTRIBUTING.md document that users will see when creating a PR (https://github.com/rstudio/gt/blob/master/.github/CONTRIBUTING.md). There is also a Pull Request template that gives users a checklist for the code review: https://github.com/rstudio/gt/blob/master/.github/PULL_REQUEST_TEMPLATE.md
Reviews are needed for each submitted PR.
The code files are for the R language and it has a reproducible build system of packages.
The tests are in the standard format for R packages. Using the testthat package (http://github.com/r-lib/testthat), it is easy to run the tests. Standard R package quality checks run these tests, as do testthat::test_package() and devtools::test(). This is the de facto standard for R packages.
The gt package uses GitHub Actions to run R CMD check (a comprehensive set of tests for the package) with each commit and pull request. Users can verify the status of recently run checks by inspecting the badge on the project README. Merging doesn't occur unless all CI checks pass (check the workflow file at: https://github.com/rstudio/gt/blob/master/.github/workflows/R-CMD-check.yaml).
This project uses the covr package in its checks. It provides better than 90% statement coverage (check the workflow file at: https://github.com/rstudio/gt/blob/master/.github/workflows/test-coverage.yaml)
This project uses the covr package in its checks and it applies to the branches of the project. It provides better than 80% branch coverage (check the workflow file at: https://github.com/rstudio/gt/blob/master/.github/workflows/test-coverage.yaml)
This is out of scope for gt and other R packages that do not explicitly focus on privacy and security.
We use GitHub for the project website. With http://securityheaders.com, we can verify that the site meets this criterion.
// not all headers are set
The files in the following directory (https://github.com/rstudio/gt/tree/master/R) have been reviewed by someone considered an expert in security, especially as it relates to code/HTML generation.
All linting from lintr is performed regularly and is part of the development process. This process includes releases of the software.
Dynamic analysis is not required for gt. This is true for all R packages that are implemented entirely in R (without uses of C, C++, etc.).