Many R users trust scripts because they can open and edit them, but fear packages because the logic hides behind function calls. insideR addresses that fear at the level where you actually work: the individual call.
Explain a call
explain_call() answers three questions before you touch
anything: which function will actually run, what does it call
internally, and how safely could you replay it as standalone code?
x <- c(1, 3, 5, 7, 100)
explain_call(stats::fivenum(x))
#>
#> ── insideR call explanation ────────────────────────────────────────────────────
#> Original call: `stats::fivenum(x)`
#> Executing function: `fivenum()` from stats
#>
#> ── Function path ──
#>
#> fivenum()
#> ── Replay status ──
#> Full standalone replay looks possible.
#>
#> ── Security notes (static scan) ──
#>
#> No risky calls detected by the static scan.For S3 generics, insideR resolves the dispatch for you: pass the call exactly as you would run it, and the report names the method that executes.
The security notes section is a static scan of the involved functions for calls worth reviewing — shell command execution, network access, dynamic code evaluation, file writes, global-state mutation, and compiled entry points. It is a transparency report, not a malware detector.
Unpack a call
unpack_call() runs the call once and turns it into a
small replay project:
dir <- file.path(tempdir(), "fivenum_replay")
unpack_call(stats::fivenum(x), output_dir = dir, overwrite = TRUE)
#>
#> ── insideR unpack ──────────────────────────────────────────────────────────────
#> Call: `stats::fivenum(x)`
#> Replay project written to /tmp/RtmpOimYXx/fivenum_replay
#> • Script: /tmp/RtmpOimYXx/fivenum_replay/replay.R
#> • Extracted function: `fivenum()`
#> • Captured input: "x"
#> • Replay status: full
#> • Security scan: no risky calls detected
#> Run it with: `setwd("/tmp/RtmpOimYXx/fivenum_replay"); source("replay.R")`The core artifact is a single self-contained script:
-
replay.R— the extracted functions (with documentation carried over from the package’s help files), your captured inputs, the reproducing call, and a verification block; -
data/*.rds— the captured inputs and the original result; -
insider_manifest.rds— machine-readable metadata about the unpack.
cat(readLines(file.path(dir, "replay.R")), sep = "\n")
#> # ==============================================================
#> # insideR replay script
#> # Original call : stats::fivenum(x)
#> # Package : stats 4.6.1
#> # Source : local / unknown
#> # Generated : 2026-07-04 17:33:21 by insideR 0.2.0
#> # R version : R version 4.6.1 (2026-06-24)
#> #
#> # Run from this directory: source("replay.R")
#> # ==============================================================
#> #
#> # Security notes (static scan of the extracted code):
#> # - no risky calls detected by the static scan
#> # Static scan only: review the code below before running it elsewhere.
#>
#> ## ---- extracted functions -------------------------------------
#>
#> ## ---- function: fivenum ---------------------------------------
#>
#> ## Tukey Five-Number Summaries
#> ## Exported from stats; see ?stats::fivenum
#> fivenum <- function (x, na.rm = TRUE)
#> {
#> xna <- is.na(x)
#> if (any(xna)) {
#> if (na.rm)
#> x <- x[!xna]
#> else return(rep.int(NA, 5))
#> }
#> x <- sort(x)
#> n <- length(x)
#> if (n == 0)
#> rep.int(NA, 5)
#> else {
#> n4 <- floor((n + 3)/2)/2
#> d <- c(1, n4, (n + 1)/2, n + 1 - n4, n)
#> 0.5 * (x[floor(d)] + x[ceiling(d)])
#> }
#> }
#>
#> ## ---- inputs (captured from your session) ---------------------
#>
#> x <- readRDS("data/x.rds")
#>
#> ## ---- reproduce the call with the extracted functions ---------
#>
#> replay_result <- fivenum(x = x)
#>
#> ## ---- verify --------------------------------------------------
#>
#> original_result <- readRDS("data/original_result.rds")
#> replay_ok <- isTRUE(all.equal(replay_result, original_result))
#> if (replay_ok) {
#> cat("OK: extracted functions reproduce the original package result.\n")
#> } else {
#> cat("MISMATCH: replay differs from the original result:\n")
#> print(all.equal(replay_result, original_result))
#> stop("insideR replay verification failed.")
#> }
#>
#> if (requireNamespace("stats", quietly = TRUE)) {
#> package_result <- stats::fivenum(x = x)
#> if (isTRUE(all.equal(replay_result, package_result))) {
#> cat("OK: replay also matches a live call to the installed package.\n")
#> } else {
#> cat("NOTE: a live package call differs (package version may have changed).\n")
#> }
#> }Replay and verify
Running the script from its directory re-executes the call with the extracted functions and proves reproducibility every time:
env <- new.env(parent = globalenv())
old <- setwd(dir); source("replay.R", local = env); setwd(old)
#> OK: extracted functions reproduce the original package result.
#> OK: replay also matches a live call to the installed package.The script stops with an error if the replay stops matching the stored original result, and additionally compares against a live call to the installed package when it is available.
Customize safely
Edit the extracted functions in replay.R (or copy it
first) and re-source: the verification block immediately tells you
whether — and how — your change altered the result. Your installed
package is never touched. If a local change reveals a general bug or a
reusable feature, that is the moment to propose it upstream.
Limitations
insideR reports rather than hides what it cannot extract: compiled
C/C++/Fortran internals, helpers beyond max_depth, and
functions from other packages are bound from their namespaces instead of
extracted, and the script header says so. Complex S4/R6 dispatch,
database/API calls, and heavy non-standard evaluation are out of scope
for the current version.