←back to thread

Show HN: Rv, a Package Manager for R

(github.com)
68 points Keats | 4 comments | 16 May 25 15:37 UTC | HN request time: 0.516s | source

We have been building a package manager for R inspired by Cargo in Rust. The main idea behind rv is to be explicit about the R version in use as well as declaring which dependencies are used in a rproject.toml file for a given project. There's no renv::snapshot equivalent, everything needs to be declared up front, the config file (and resulting lockfile) is the source of truth. This avoids issue where renv might miss information about the installation and is also easy to tweak some packages, eg install one from source and install suggests from another.

If you have used Cargo/npm/any Python package manager/etc, it will be very familiar.

1. _Wintermute ◴[16 May 25 17:09 UTC] No.44007732[source]
My biggest issue with R package management is version pinning. If I specify an older version of a package, R will fetch the latest versions of all its dependencies, regardless if they're compatible or not, which leads to manually chasing down and re-installing specific versions of dependencies and sub-dependencies one-by-one.

Microsoft's CRAN time machine helped solved this, but I think they've recently shut it down and I don't really trust Posit to not have a version behind a paywall.

replies(3): >>44008221 #>>44008502 #>>44008542 #
2. arbutus8 ◴[16 May 25 18:01 UTC] No.44008221[source]
You're hitting one of my (and many people's) main issue with the R package distribution system. In CRAN, only one package version is available at a time, which makes things like version pinning quite difficult. Now the benefit of that is that CRAN guarantees all packages will work together at any moment in time, but then trying to reach back into the Archive breaks that guarantee.

What the CRAN time machine (and now Posit Package Manager) does is take that compatibility guarantee, and freeze it so you have access to all the same, compatible, packages at any moment in time.

While I personally do use PPM fairly extensively, I do understand the paywall concern for long-term reproducibility so `rv` can help you here, with a bit of manual massaging. I'd recommend setting the repositories section of the config file to be a snapshot date in PPM that contains the package version(s) you're interested in and then installing using that repository (taking the benefit of that CRAN guarantee), then in both the config file and `rv.lock`, replace all the references to the PPM repo with your preferred CRAN mirror. This will allow you to resolve to compatible package versions, but then for your POSIT concern, will still be able to reproduce using the CRAN archive.

3. t-kalinowski ◴[16 May 25 18:31 UTC] No.44008502[source]
Posit offers something similar to Microsoft’s CRAN Time Machine, but it works not only for CRAN, but also for Bioconductor and PyPI. You can add a date to the Public Posit Package Manager URL to access a snapshot of all packages from that day.

For example: https://packagemanager.posit.co/cran/2025-03-02

You can browse available snapshot dates here: https://packagemanager.posit.co/client/#/repos/cran/setup?sn...

This also works for PyPI and Python packages: https://packagemanager.posit.co/pypi/2025-03-04/simple

4. almostkindatech ◴[16 May 25 18:35 UTC] No.44008542[source]
Might be worth looking at groundhog, if you want a 'time machine' less likely to have a commercial motive