Validate only the
functions you use
Litmus helps teams working in regulated environments validate R packages faster, with a focus on the functions that actually matter, rather than entire packages.
Why Litmus is different
With Litmus, you only validate what you actually use
Package validation has never been both robust and customisable, until now. Litmus focuses only on the functions your code depends on and helps you prioritise validation based on impact.
That means:
- Validating only functions you use
- Automatic detection via API
- Significant cost and time savings
- Reusable across organisations
The problem with other packages
Validating R packages doesn't have to be slow, inconsistent or expensive
Most packages contain hundreds of functions. But most projects only use a handful. Yet teams are often required to validate everything.
That means:
- Validating entire packages
- Testing hundreds of unused functions
- High cost, longer timelines
- Repeated work across projects
How it works
A structured approach to validation:
Select Packages
Identify the packages and the functions you use
Generate Evidence
Generate evidence and meta data
Score & Classify
Assess risk and assign scores
Decide
Validate based on risk and usage
Monitor
Produce clear documentation for audit
Features
Litmus supports your validation process with:
Risk Scoring Framework
Automated Audit Reports
User-friendly dashboard
Custom Testing Options
Ongoing Monitoring
Open-source contribution
Litmus gives your team confidence that what you're running in production is genuinely validated — nothing more, nothing less.
Talk to our teamLitmus is designed for teams working with R in regulated environments:
Pharma & GxP teams
Litmus supports GxP validation workflows in pharmaceutical and biotech organisations. It produces PDF audit reports, maintains a full validation trail, and integrates with regulated deployment pipelines, helping you meet FDA, EMA, and ICH E9(R1) requirements.
Enterprise data teams
For large organisations with complex R environments, Litmus provides a scalable approach to package governance. Reuse validation evidence across projects and teams, reducing redundant effort and keeping your package portfolio under control.
Organisations managing complex package ecosystems
Whether you're managing CRAN, Bioconductor, GitHub or internal packages, Litmus supports any source. It decouples risk assessment from risk mitigation, giving you flexibility to apply your own risk appetite rather than following a pre-defined approved list.
Jumping Rivers supports teams with:
Litmus implementation
Our team handles end-to-end Litmus deployment for your organisation. We configure the platform to your package collection, set up automated pipelines, and ensure everything integrates smoothly with your existing R infrastructure.
Validation strategy
We work with you to define a validation strategy that matches your risk appetite, from low-touch automated scoring to full statistical programmer review. Our approach follows R Validation Hub guidelines and is tailored to your specific regulatory context.
GxP-compliant deployments
We support GxP-compliant infrastructure deployments, including IQ/OQ/PQ documentation, user access controls, and audit-ready reporting. Our statistical programmers (MSc and PhD level) review findings and provide signed validation documentation.
Training and onboarding
We run tailored training for your team covering R package validation principles, how to interpret Litmus risk scores, and how to use the dashboard and reporting tools. Training can be delivered in-person or remotely across your organisation.
We can help you simplify and strengthen your validation process. Talk to us about Litmus.
Get in touchOur FAQs
How can Jumping Rivers help me validate my package collection?
Our pre-sales process works like this: You provide us with a list of your packages and their versions, built package files, or a link to a specific repository. We then perform a preliminary analysis of your collection to let you know how many packages would be high, medium and low risk using our standard scoring framework. Based on this preliminary risk analysis, we can discuss a way forward to meet your organisation's needs. This could involve creating custom assessments, scoring, reporting, and dashboards to support your decision-making.
Why is the Litmus approach more flexible and light-weight than other approaches?
Unlike our competitors, we do not provide you with a pre-validated list of packages, so you do not need to pay for packages that you have no interest in using. We allow you to provide your own package list instead, and based on the risk assessment, make recommendations on how to proceed with acceptance of the packages into your environment, outright rejection or the possibility of package remediation, wherein we address issues with the package (for example, test coverage, statistical reproducibility, documentation). We do not dictate what your risk appetite should be, but instead collaborate with you to establish what your priorities are, and use these to inform targeted interventions with respect to the risk of your package collection.
What scores do you use? How are these scores calculated?
We have created a custom scoring framework called litmus.score which provides individual metrics for package risk in four categories, namely code quality, maintenance, popularity and documentation quality. These metrics are combined into a scoring strategy where each is weighed according to their relative importance within a category. Each category is then assigned a weight within the total score, so that each package assessed is awarded an overall score out of 1.
Do you support packages that are not hosted on CRAN?
Yes! We really mean it when we say 'bring your own package'. Some of the assessments will not run (e.g. risk of removal from CRAN), but will not contribute to the overall score for the package.
See all FAQs