R Yoda

Reputation: 8760

Discover all installed R packages with a Java dependency (for security reasons)

For security reasons I am forced to de-install Java (JRE) on a machine I am using with R.

How can I (easily :-) discover all installed packages that use Java?

Edit 14.12.2021: The log4j-log4shell-cve-2021-44228-vulnerability makes this question (and answers) even more interesting ;-)

Upvotes: 5

Views: 1418

Answers (2)

R Yoda

Reputation: 8760

I have extended the solution of @G5W's answer by also considering other types of dependencies on the rJava package:

libs       = installed.packages()

imports    = grep("Java", libs[,"Imports"],   ignore.case=TRUE)
depends    = grep("Java", libs[,"Depends"],   ignore.case=TRUE)
linking.to = grep("Java", libs[,"LinkingTo"], ignore.case=TRUE)
enhances   = grep("Java", libs[,"Enhances"],  ignore.case=TRUE)
# SystemRequirements may also contain Java dependencies but is not available in the matrix

# unique() avoids listing a package twice when it matches in more than one field
libs[unique(c(imports, depends, linking.to, enhances)),
     c("Package", "Imports", "Depends", "LinkingTo", "Enhances")]

This now also finds e.g. xlsx:

         Package    Imports Depends           LinkingTo Enhances
xlsx     "xlsx"     NA      "rJava, xlsxjars" NA        NA      
xlsxjars "xlsxjars" NA      "rJava"           NA        NA      

Edit Dec 21, 2021: If you want to find all CRAN packages (not only the installed ones) that directly depend on Java (e.g. due to the log4j vulnerability) you can use:

# Dependencies external to the R system should be listed in the `SystemRequirements` field of the package's DESCRIPTION file.
# This also holds true until the package uses Java via the rJava package where the `Imports` or `Depends` declaration suffices:
# https://cran.r-project.org/doc/manuals/R-exts.html#Non_002dR-scripts-in-packages

CRAN.pkgs <- tools::CRAN_package_db()  # gets a list of all R packages at CRAN

imports    = grepl("Java", CRAN.pkgs$Imports,             ignore.case = TRUE)
depends    = grepl("Java", CRAN.pkgs$Depends,             ignore.case = TRUE)
linking.to = grepl("Java", CRAN.pkgs$LinkingTo,           ignore.case = TRUE)
enhances   = grepl("Java", CRAN.pkgs$Enhances,            ignore.case = TRUE)
sysreq     = grepl("Java", CRAN.pkgs$SystemRequirements,  ignore.case = TRUE)

CRAN.java.pkgs <- CRAN.pkgs[imports | depends | linking.to | enhances | sysreq,
                            c("Package", "Imports", "Depends", "LinkingTo", "Enhances", "SystemRequirements")]

NROW(CRAN.pkgs)         # more than 18.000 in 12/2021
NROW(CRAN.java.pkgs)    #              137 in 12/2021

CRAN.java.pkgs$Package  # show all packages found

Upvotes: 4

G5W

Reputation: 37661

You can use installed.packages to determine which packages import the rJava package. You need to tell installed.packages to include the Imports field from the package description, and then check which packages import rJava.

LIBS = installed.packages(fields=c("Imports"))
JPacks = grep("Java", LIBS[,"Imports"], ignore.case=TRUE)
LIBS[JPacks, c("Package", "Imports")]
          Package    
RWeka     "RWeka"    
RWekajars "RWekajars"
          Imports                                                                
RWeka     "RWekajars (>= 3.9.0), rJava (>= 0.6-3), graphics, stats,\nutils, grid"
RWekajars "rJava (>= 0.6-3)"

Upvotes: 5
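
An added example, not part of either answer: the same inventory for installed packages, extended to the SystemRequirements field, to packages that reach a Java-dependent package only through other packages, and to .jar files shipped inside package directories. The function name `find_java_packages` and the pattern that skips "JavaScript" (which a plain "Java" match on SystemRequirements also catches) are choices made for this example.

```r
# Added example: Java inventory for the installed R library (names are illustrative).
find_java_packages <- function(lib.loc = NULL) {
  # SystemRequirements is not a default column, so request it explicitly.
  inst <- installed.packages(lib.loc = lib.loc, fields = "SystemRequirements")
  # A package installed in several libraries appears once per library; keep the
  # first copy, which is the one library() would load.
  inst <- inst[!duplicated(inst[, "Package"]), , drop = FALSE]

  fields <- c("Depends", "Imports", "LinkingTo", "Enhances", "SystemRequirements")
  # Match "Java" and "rJava" but not "JavaScript".
  is.java <- function(x) grepl("java(?!script)", x, ignore.case = TRUE, perl = TRUE)
  hits <- apply(inst[, fields, drop = FALSE], 1, function(row) any(is.java(row)))
  direct <- unname(inst[hits, "Package"])

  # Installed packages that depend on a direct hit, at any depth.
  indirect <- character(0)
  if (length(direct) > 0) {
    rev.deps <- tools::package_dependencies(direct, db = inst,
                                            which = c("Depends", "Imports", "LinkingTo"),
                                            reverse = TRUE, recursive = TRUE)
    indirect <- setdiff(as.character(unlist(rev.deps, use.names = FALSE)), direct)
  }

  # .jar files shipped inside the installed package directories.
  pkg.dirs <- file.path(inst[, "LibPath"], inst[, "Package"])
  jars <- list.files(pkg.dirs, pattern = "\\.jar$", recursive = TRUE,
                     full.names = TRUE, ignore.case = TRUE)

  list(direct = direct, indirect = indirect, jars = jars)
}

res <- find_java_packages()
str(res)
```

`res$indirect` lists what would stop working after Java is removed even though it never names rJava itself, and `res$jars` is the list of bundled archives to review when checking for a vulnerable library.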
