Has CRAN avoided malicious packages?

Jun 13, 2026 · 2 min read

It seems that every week we read about another compromised package uploaded to PyPI or npm. The flow has become so steady that package managers are starting to implement dependency cooldowns: a newly published version is not installed until it has been public for some minimum period, so that a malicious upload is likely to be reported and pulled before anyone picks it up. As a heavy R user, I began to wonder: has a malicious actor ever uploaded a compromised or malicious package to CRAN (the standard repository for R packages)?
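For concreteness, here is what a dependency cooldown amounts to in code. This is an added Python example, not code from the post or from any package manager: given a package's release history in the shape of PyPI's JSON API (a `releases` map from version to uploaded files, each with an `upload_time_iso_8601` and a `yanked` flag), it refuses any version whose first upload is younger than a configurable number of days and resolves to the newest remaining one. The release data and the fixed clock are constructed for the example; real tooling would fetch the metadata from the index and use the current time.

```python
from datetime import datetime, timedelta, timezone

COOLDOWN_DAYS = 7  # minimum age before a release is eligible for install

# Constructed release metadata in the shape of PyPI's JSON API response.
# These are not real releases; only the fields this example reads are present.
SAMPLE_RELEASES = {
    "1.0.0": [{"upload_time_iso_8601": "2026-05-01T10:00:00.000000Z", "yanked": False}],
    "1.0.1": [{"upload_time_iso_8601": "2026-05-20T10:00:00.000000Z", "yanked": True}],
    "1.1.0": [{"upload_time_iso_8601": "2026-06-01T10:00:00.000000Z", "yanked": False}],
    "1.1.1": [{"upload_time_iso_8601": "2026-06-11T10:00:00.000000Z", "yanked": False}],
}
# Fixed clock so the example is reproducible; a real check uses datetime.now(timezone.utc).
NOW = datetime(2026, 6, 13, 12, 0, tzinfo=timezone.utc)


def parse_upload_time(stamp):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def release_age(files, now):
    """Age of a release measured from its *first* uploaded file.

    Measuring from the earliest upload rather than the latest stops an attacker
    from resetting the clock by adding another wheel to an old release.
    """
    first = min(parse_upload_time(f["upload_time_iso_8601"]) for f in files)
    return now - first


def version_key(version):
    """Ordering key for plain dotted numeric versions (e.g. '1.10.2' > '1.9.9').

    Assumption for this example: no pre-release or local suffixes. Real
    resolvers use the full PEP 440 ordering (the 'packaging' library).
    """
    return tuple(int(part) for part in version.split("."))


def eligible_versions(releases, now=NOW, cooldown_days=COOLDOWN_DAYS):
    """Versions that are not yanked and have been public for at least the cooldown."""
    cooldown = timedelta(days=cooldown_days)
    out = []
    for version, files in releases.items():
        if not files or all(f.get("yanked", False) for f in files):
            continue  # nothing installable, or the release was pulled
        if release_age(files, now) >= cooldown:
            out.append(version)
    return sorted(out, key=version_key)


def resolve(releases, now=NOW, cooldown_days=COOLDOWN_DAYS):
    """Newest version that has cleared the cooldown, or None if none has."""
    candidates = eligible_versions(releases, now, cooldown_days)
    return candidates[-1] if candidates else None


if __name__ == "__main__":
    print("eligible:", eligible_versions(SAMPLE_RELEASES))
    print("would install:", resolve(SAMPLE_RELEASES))
```

With the constructed data, 1.1.1 is two days old and is skipped, 1.0.1 is yanked, and the resolver lands on 1.1.0. Setting the cooldown to zero gives back the usual "latest wins" behaviour, which is exactly the window the cooldown is meant to close.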

I can’t think of any, and a Google search only turns up this weird thread on the R mailing list about an apparent false positive on a vignette bundled with a particular package. Thankfully, there is an arXiv paper uploaded last year that directly addresses this question: A Time Series Analysis of Malware Uploads to Programming Language Ecosystems by Ruohonen & Saddiqa. The paper analyzes the Open Source Vulnerabilities (OSV) database for six popular programming language ecosystems: CRAN (R), Go, Maven (Java), npm (JavaScript), PyPI (Python), and RubyGems (Ruby).

(Table 1 from the paper: all entries, malware entries, and malware share for the six ecosystems; npm, PyPI, and RubyGems have the highest malware shares.)

Table 1 from the paper shows CRAN with zero malware entries, Maven with only 1, and Go with 8. RubyGems has nearly a thousand, and npm and PyPI have many thousands each. This is not to say that packages uploaded to CRAN have never had vulnerabilities: the OSV database currently lists 14 for CRAN packages. But there is no evidence that any of these were introduced with malicious intent.
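The paper's Table 1 can be reproduced from OSV's own data, and the split between "vulnerability" and "malware" is mechanical. The Python below is an added example, not code from the post or the paper: it tallies OSV-format records per ecosystem and flags an entry as malware when its `id` or one of its `aliases` carries the `MAL-` prefix that OSV assigns to entries imported from the OpenSSF malicious-packages repository. The records in `SAMPLE_OSV_RECORDS` are constructed placeholders, not real advisories, and `records_from_zip` assumes the per-ecosystem `all.zip` export that OSV publishes (one JSON file per advisory).

```python
import json
import zipfile
from collections import Counter

# The six ecosystems in the paper's Table 1, under the names OSV uses for them.
ECOSYSTEMS = ("CRAN", "Go", "Maven", "npm", "PyPI", "RubyGems")

# Constructed placeholder records in OSV's JSON shape. They are not real
# advisories; only the fields this example reads are present.
SAMPLE_OSV_RECORDS = [
    {"id": "MAL-0000-0001",
     "affected": [{"package": {"ecosystem": "npm", "name": "example-a"}}]},
    {"id": "MAL-0000-0002",
     "affected": [{"package": {"ecosystem": "npm", "name": "example-b"}}]},
    {"id": "GHSA-xxxx-xxxx-xxx1", "aliases": ["CVE-0000-00001"],
     "affected": [{"package": {"ecosystem": "npm", "name": "example-c"}}]},
    {"id": "MAL-0000-0003",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "example-d"}}]},
    {"id": "PYSEC-0000-0001",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "example-e"}}]},
    {"id": "RSEC-0000-0001",
     "affected": [{"package": {"ecosystem": "CRAN", "name": "examplepkg"}}]},
    # One advisory can cover several packages; it still counts once per ecosystem.
    {"id": "GHSA-xxxx-xxxx-xxx2",
     "affected": [{"package": {"ecosystem": "Go", "name": "example.com/mod"}},
                  {"package": {"ecosystem": "Go", "name": "example.com/mod/sub"}}]},
]


def is_malware(record):
    """OSV imports malicious-package reports under a MAL- identifier; a
    vulnerability advisory may also carry one as an alias."""
    ids = [record["id"], *record.get("aliases", [])]
    return any(i.startswith("MAL-") for i in ids)


def ecosystems_of(record):
    """Top-level ecosystems an advisory touches. OSV qualifies some ecosystems
    with a suffix after a colon (e.g. distro releases); strip it so records
    group under the bare name."""
    ecos = set()
    for affected in record.get("affected", []):
        eco = affected.get("package", {}).get("ecosystem", "")
        if eco:
            ecos.add(eco.split(":", 1)[0])
    return ecos


def tally_by_ecosystem(records, ecosystems=ECOSYSTEMS):
    """Count all entries and malware entries per ecosystem, as in Table 1."""
    total = Counter()
    malware = Counter()
    for rec in records:
        mal = is_malware(rec)
        for eco in ecosystems_of(rec):
            total[eco] += 1
            if mal:
                malware[eco] += 1
    return {
        eco: {
            "all": total[eco],
            "malware": malware[eco],
            "share": (malware[eco] / total[eco]) if total[eco] else 0.0,
        }
        for eco in ecosystems
    }


def records_from_zip(path):
    """Load advisories from an OSV per-ecosystem export: assumed to be a zip
    holding one JSON file per advisory. Adjust if the layout differs."""
    with zipfile.ZipFile(path) as zf:
        for name in zf.namelist():
            if name.endswith(".json"):
                with zf.open(name) as fh:
                    yield json.load(fh)


if __name__ == "__main__":
    table = tally_by_ecosystem(SAMPLE_OSV_RECORDS)
    print(f"{'ecosystem':<10}{'all':>6}{'malware':>9}{'share':>8}")
    for eco, row in table.items():
        print(f"{eco:<10}{row['all']:>6}{row['malware']:>9}{row['share']:>8.1%}")
```

Running the same tally over the real exports (`tally_by_ecosystem(records_from_zip("CRAN/all.zip"))` and so on) is the check to make before quoting the table: the malware share is only as current as the export, and an advisory that spans packages in two ecosystems is deliberately counted once in each.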

Why is this? Probably not because R users are uniquely virtuous. CRAN is much smaller than npm or PyPI, less central to production web infrastructure, and much more annoying to publish to. Every package update must pass a battery of automated checks (R CMD check, run on several platforms) before it is accepted, and new packages must additionally pass manual review by a CRAN maintainer. CRAN also does not accept pre-compiled binaries from package authors; it builds the binaries itself from the submitted source.

None of these qualities make CRAN impermeable to malicious package uploads: a source package can still carry a configure script, compiled C or C++ code, or R code that runs at install or load time, and R CMD check is a quality gate, not a malware scanner. But the contrast is still striking. In npm and PyPI, malicious uploads are a fact of life to be managed. On CRAN, at least so far, they remain mostly hypothetical.