CPANscan

Data::JPack is a small packaging toolkit that helps Perl developers bundle JavaScript, text and binary assets for web clients so applications can run from local files or be embedded directly into HTML without running a server. It provides a simple server-side API to create packer objects, encode and decode whole payloads or stream them by emitting a header, one or more data chunks, and a footer, and it can produce either external data files or inline embedded content for offline or single-file deployments. The module aims to simplify delivering templated content to browsers and to prepare payloads that work with a client-side companion (Data::JPack::App) and with worker pools for CPU-intensive JavaScript tasks. Configuration options let you point to an HTML container, choose inline versus external packaging, and enable basic compression using the deflate algorithm. Note that the current implementation only supports the "data" package type and deflate is the sole compression option.

Dist::Zilla::Plugin::CycloneDX is a small Dist::Zilla plugin that generates a CycloneDX software bill of materials (SBOM) and includes it in your distribution. It produces an SBOM from the metadata already present in your META files so you can add standardized supply‑chain metadata with minimal fuss. Other Dist::Zilla plugins that implement the CycloneDXSource role can extend what gets included, so the output can be enriched as needed. This initial release is a lightweight way for Perl module authors who use Dist::Zilla to produce CycloneDX output from existing distribution metadata.

Stats::LikeR is a compact toolkit that brings R-like data frame manipulation and a wide range of statistical routines to Perl, letting you read and write CSV/TSV tables, reshape between array-of-hashes, hash-of-arrays, and hash-of-hashes, and run common analyses such as summary statistics, t‑tests, ANOVA, linear and generalized linear models, PCA, chi‑square and nonparametric tests, correlations, and more. It includes helpers for table operations like filter, group_by, assign, csort, add_data and transpose, column-wise utilities such as col2col and vals, random and distribution generators, and conveniences like seq, sample, uniq and value_counts, all designed to feel familiar to R users while working naturally with Perl data shapes. Performance-sensitive pieces are implemented in XS where appropriate and the API supports formula notation for modeling plus a predict routine to score new data. Be aware that many numeric reducers and tests treat undefined values strictly and will die on undef inputs unless handled first, which makes the module strict but helps catch data problems early. If you need R-style data wrangling and statistics inside Perl without switching languages, this module is highly relevant.

Test::Mojo::Role::OpenAPI::Modern adds OpenAPI-aware validation helpers to Test::Mojo so you can assert that HTTP requests and responses from your Mojolicious app conform to an OpenAPI document. You give it an OpenAPI::Modern object or let it pick one up from your app configuration and then use simple test methods like request_valid and response_valid, their inverse forms that can match specific error messages, and operation_id_is to check the invoked operation. It can return or print the JSON::Schema::Modern::Result objects for diagnostics and has a test_openapi_verbose switch to automatically dump validation failures. Note that for testing you should use a relative openapi_uri so test request URIs match the spec. This role is a straightforward way to bring OpenAPI and JSON Schema validation into your Test::Mojo suite.

SBOM::CycloneDX is a Perl library for creating, manipulating and validating OWASP CycloneDX software bills of materials. It exposes rich object models for components, services, dependencies, vulnerabilities, metadata and other CycloneDX concepts so you can build a BOM programmatically, serialize it to CycloneDX‑compliant JSON and validate it against the spec. The module supports CycloneDX versions 1.2 through 1.7 and includes convenient helpers for adding dependencies, finding components by PURL or bom-ref and converting BOMs to hashes or strings. The latest updates deprecate SBOM::CycloneDX::Vulnerability::Source and SBOM::CycloneDX::Issue::Source and make JSON::Validator based tests optional, and the distribution is useful for developers, security teams and build or CI tooling that need to generate or audit SBOMs for supply‑chain and compliance workflows.

constant::string is a tiny Perl pragma that lets you declare string constants whose values are the same as their names so that a symbol like FOO evaluates to the string "FOO" without you repeating the literal. You pass it a list of identifiers and it installs compile-time constants in the caller, leveraging Perl's built-in constant pragma so the values are inlined and efficient rather than being ordinary runtime sub calls. It is handy when you want simple symbolic tokens, event names, labels, or enum-like values without typing the strings repeatedly. Initial release: 2026.26.

Clownfish is a lightweight "symbiotic" object system and code generator designed to make it easier to build high‑performance language extensions in C and expose them cleanly to other host languages. It provides a small runtime with core data types and a root Obj class, plus a compiler called CFC that generates C headers, host-language bindings, initialization glue and documentation from simple Clownfish class descriptions. The system supports single inheritance, virtual dispatch, lazy creation of host objects, introspection and guaranteed ABI stability so you can add or reorder methods and fields without breaking binary compatibility. Clownfish is already used by the Apache Lucy project and offers feature‑complete support for C and Perl 5, experimental Go bindings and early work for Python and Ruby, making it a good fit if you need modular, fast bindings or a shared C library with cross‑language APIs. The recent 0.6.4 release fixes clang warnings that blocked installation on macOS, and ongoing work aims to broaden host language support and add interface features.

Clownfish::CFC is the compiler component for the Apache Clownfish system that developers use to turn Clownfish interface descriptions into the C runtime, language bindings, and documentation needed to build or embed Clownfish-based libraries in other languages. This is an alpha release whose public API has been intentionally cloaked, so internal interfaces may change and the module should be treated as experimental. It is distributed under the Apache License 2.0 and has an active changelog addressing build and portability issues across platforms and host languages; the most recent fix removes clang warnings that previously prevented installation on macOS. If you work with Apache Clownfish or need an automated way to generate multi-language bindings and C glue code, this is the tool you would use, but expect evolving behavior while the project matures.

Amazon::API is a lightweight Perl base class for calling AWS services that lets you either handcraft minimal clients, subclass it for a specific service, or auto-generate fully featured Perl service classes from Botocore metadata. It handles endpoint construction, AWS Signature v4 signing, credential discovery or injection, content-type selection, automatic response decoding and pagination for Botocore-based APIs, and provides utilities for formatting query-style parameters. If you only need a few APIs or want a smaller dependency footprint than a full SDK this module makes it easy to build just what you need while the included amazon-api tool can generate complete service and shape classes from the Botocore repo. The module favors resilience when serialization fails by returning raw responses by default and lets you opt in to raised serialization errors, and recent releases improve serialization by detecting protocol from Botocore metadata and fix several shape-handling bugs. It is not a drop-in replacement for larger SDKs like Paws for every edge case, S3 support is not recommended here, and Windows has not been tested.

Data::NestedKey is a lightweight object-oriented Perl utility for reading and updating deeply nested hash and array structures using simple dot-separated paths with optional [n] array subscripts, so you can refer to items like repositories[0].repositoryUri or items[-1].name without manual traversal. It offers get, set, delete and exists_key methods, supports appending and merging with a "+key" prefix and removal with a "-key" prefix, and returns sensible values for missing paths; stringification via as_string lets you serialize the whole structure in JSON by default and also supports YAML, Data::Dumper and Storable formats. The module is handy for manipulating configuration files or API responses where values live many levels deep, and the recent 1.1.0 release added full array-index support in set/get/delete/exists_key plus improved path parsing for more flexible access.

mb.pm is a modulino and source filter that lets you write and run Perl scripts using legacy multibyte encodings instead of UTF‑8 by transparently transpiling MBCS literals into octet‑oriented Perl code or by providing runtime mb::* helpers for codepoint semantics. It supports Big5, Big5‑HKSCS, EUC‑JP, GB18030, GBK, Shift_JIS/CP932, UHC, UTF‑8 and WTF‑8 and handles tricky cases like multibyte characters whose second byte looks like an ASCII metacharacter by escaping them, adding multibyte anchoring to regular expressions, and rewriting character classes so regexes, split and tr/// behave correctly on codepoints. You can run scripts as "perl mb.pm script.pl" (modulino), use "use mb" as a source filter on modern Perls, or call mb::qr, mb::split and other mb::* routines selectively at runtime. The module preserves octet semantics for built‑in functions unless you opt into mb::* alternatives, avoids using Perl's UTF8 flag to reduce mojibake, and works across many OSes and very old Perl versions. Tradeoffs to know are that it may produce a transpiled .oo.pl file or needs the wrapper command, casing helpers only handle US‑ASCII by default, Unicode properties and named codepoints are not supported, there are known limits and platform quirks (notably some Windows chdir issues) and a few advanced regexp and boundary features are intentionally omitted. If you need to maintain or port Perl code that deals with non‑UTF8 multibyte text, mb.pm gives a practical, JPerl‑inspired way to do that without rewriting all your string and regex logic.

JIRA::REST is a lightweight Perl client that makes it easy to call Jira's REST APIs from scripts and automation. It wraps Jira Core, Service Desk and Software endpoints behind simple GET, POST, PUT and DELETE methods and returns decoded JSON or plain text so you can work with native Perl data structures. Authentication options include anonymous access, basic username/password, session cookies, Personal Access Tokens and, as of the latest release, Service Account tokens for Jira 11, so it fits modern Jira setups. The module also offers handy utilities for paging through search results, attaching files to issues and accessing the underlying REST::Client when you need lower level control. If you need a minimal, pragmatic way to interact with a Jira server from Perl, and you run Perl 5.34 or newer (tested with Jira Data Center 11.3.7), JIRA::REST is a convenient choice.

Algorithm::QuadTree::XS is a drop-in C (XS) backend for Algorithm::QuadTree that makes quadtree spatial indexing far faster than the pure-Perl implementation. It is used automatically when installed and remains compatible with Algorithm::QuadTree::PP, so you get the same API while benefiting from much quicker searches and inserts for typical spatial workloads such as collision detection, GIS queries, game object management, or any application needing fast rectangular or circular area lookups. Benchmarks bundled with the distribution show substantial speedups and the changelog notes improvements in search performance, memory use for large objects, deduplication of results, and better backreference handling; the author also calls out a small tradeoff where inserting many very small objects may be slightly slower after recent optimizations. The module is actively maintained and recent fixes ensure compatibility with Algorithm::QuadTree 1.0 and address a portability issue in the XS build.

DBIx::QuickORM is a DSL-driven builder for creating composable, reusable object-relational mappings in Perl. It provides nested builder functions to declare ORMs, servers, databases, schemas, tables, columns, links and row classes so you can reuse parts across projects and mix databases or schemas as needed. The toolkit supports autofill schema introspection from live databases, plugins and custom types, and ships dialects for PostgreSQL, MySQL variants, SQLite and DuckDB while letting you override drivers and connection details. Recent releases added a quick() DSL-free entry point, faster batch schema introspection, and a compare-and-set cas() operation for guarded single-row updates. If you want a flexible, extensible way to map relational schemas to Perl objects across multiple servers or SQL variants, DBIx::QuickORM is designed to make that simple and composable.

Lingua::JA::KanjiTable supplies ready-made Perl character properties that map to Japan's official kanji lists so you can write regexes like \p{IsJoyoKanji} or \p{IsJinmeiyoKanji} to test, filter, or validate characters against the government Joyo and Jinmeiyo kanji tables. It exports convenient "Is" property names by default and also provides optional, dated variants for specific editions, which makes it easy to enforce edition-specific rules for name validation, form input, search, or other text processing tasks that need authoritative kanji membership checks.

DBIx::Auto::Migrate is a small Perl helper that wraps DBI connections and automatically applies schema migrations defined in your code, making it easy for server or desktop programs to upgrade their database at runtime. You create a simple database wrapper package that provides a migrations list of SQL statements plus basic connection subs like dsn, user, pass and an optional extra for DBI options, then call finish_auto_migrate to enable the feature. The module exposes connect and connect_cached methods that mirror DBI but take no arguments. Migrations are plain SQL statements and the first migration must create an options table that the module uses to track the current migration number. Migrations only run forward so be careful when changing them. The author designed it to work with multiple engines such as PostgreSQL and SQLite, but full cross-database guarantees are not promised and more testing is needed.

GitHub::RSS is a small helper that periodically syncs GitHub issues and their comments into a local database so you can build RSS feeds or otherwise query a stable cache of issue activity. It connects to GitHub using an API token that can be supplied directly or read from a JSON token file and stores fetched data via a DBI handle, so you can use SQLite or another supported database. The module tracks the time of the last stored update and provides methods to fetch and store all issues or only those changed since the last check, with options to catch up by fetching extra pages of historical data. If you need to turn GitHub issue activity into an RSS feed or keep a local copy of issue history for reporting, this module handles the synchronization and storage details for you.

Object::Configure is a lightweight Perl utility that makes it easy to inject runtime configuration and logging into your classes so you can tune behavior without changing code. It merges settings from class-specific files, parent-class files and an optional universal section, accepts environment-variable overrides, and will construct a Log::Abstraction logger for you if needed, so you can control logging per-module at runtime. It also provides instantiate to wrap third-party classes and a hot-reload system that can watch config files and push updates into registered objects on Unix systems by forking a watcher and signaling the parent process. The module is ideal when you want fine-grained, outside-the-code control of timeouts, retries, and logging, but be aware it uses global registry state, hot reload is not supported on Windows, the configure function is large, and its internal deep-merge replaces arrays rather than merging them.

DBIO::DuckDB is a small DBIO component that plugs DuckDB-specific storage and schema management into DBIO-based applications. When loaded into a DBIO::Schema class it makes the schema use DBIO::DuckDB::Storage so your app gets direct access to DuckDB features like the Appender API for fast bulk inserts, Arrow-style columnar fetches, and table-function helpers to read CSV, Parquet, or JSON files. It builds on DBD::DuckDB, a pure-FFI DBI driver that requires libduckdb at runtime, so you keep DBI conveniences such as transactions and result sets while gaining DuckDB’s embedded, columnar analytics capabilities. Schema install, diff and upgrade are handled by a test-deploy-and-compare flow via DBIO::DuckDB::Deploy, and the included tests use in-memory DuckDB databases for easy local verification. Use this module if you already use DBIO and want to leverage DuckDB’s performance and IO features without rewriting your ORM layer.

PDF::Make is a self-contained Perl PDF toolkit built on a pure C engine (libpdfmake) that implements its own compression, encryption, font handling, and image decoding so it has no external runtime dependencies aside from Object::Proto for the high-level API. It offers two layers: a chainable, user-friendly PDF::Make::Builder for rapid document creation with automatic layout, word wrap, and font metrics, and a low-level XS API (Document, Page, Canvas, etc.) when you need direct control over PDF objects and content streams. The distribution also includes parsing and extraction tools, font and image embedding, interactive forms and fields, link actions, digital signatures, redaction and sanitisation, layers, attachments, and output features like linearization. Choose PDF::Make if you want a feature-rich, dependency-light solution for generating, editing, and reading PDFs from Perl, with both high-level convenience and low-level control.

App::karr is the engine behind karr, a Git-native kanban tool that keeps task cards and board configuration inside Git refs so your repository remains the single source of truth. The karr command line lets you create, list, move, and inspect cards that are ordinary Markdown files with YAML frontmatter stored under refs/karr/*, and each command materializes a temporary board view and writes changes back into refs to avoid adding persistent board trees or causing file-level merge conflicts. It is aimed at teams that prefer to manage task state alongside their code, and it includes features like numeric id allocation, append-style activity logs, and sparse YAML configuration layered over sane defaults. You can run karr from a provided Docker image or directly from a Perl install, and the distribution also exposes lower-level modules so automation scripts can load, snapshot, create, and push tasks programmatically. If you want a lightweight kanban workflow that is tightly integrated with Git rather than with external services, App::karr and the karr CLI are likely relevant to your workflow.

Tree::DAG_Node is a mature Perl class for building and manipulating ordered N-ary trees by treating each node as an object that knows its mother, its ordered daughters, a name, and an arbitrary attributes hashref. You can use it directly to create trees or subclass it to add domain-specific behavior, and it enforces tree invariants so nodes cannot have two mothers or become their own ancestors. The module provides a large toolkit of practical operations including adding and removing daughters, splicing and replacing nodes, traversal via a depth-first walk_down callback, copying subtrees, finding ancestors or common ancestors, converting to and from list-of-lists notations, and pretty ASCII rendering or string serialization for read/write, with attention to utf-8 handling. It also offers delete_tree to break circular references so memory can be reclaimed and utilities for addresses, generations, and leaf queries that make tree processing straightforward. The interface is feature rich so it may feel heavyweight for trivial trees but remains efficient for simple uses, and recent updates include documentation fixes and distribution modernizations such as an updated license bundle and tidy Makefile.PL dependencies in v1.36.

Params::Validate::Strict is a Perl library for rigorously checking and sanitizing named parameters against a declarative schema. You describe each field with types, ranges, regexes, optional/default rules, transformations and custom reusable types, and the module returns a new hashref with validated and coerced values or reports errors when inputs do not match. It also supports nested structures, per-element checks for arrays, union types, cross-field checks and relationship rules like mutually exclusive or dependent parameters, so it fits use cases from API and form validation to feeding test generators or a web application firewall. The API is compatible in spirit with older validators and includes hooks for custom callbacks and logging, and the author provides bug reporting and test coverage links while noting the module is supplied without warranty.

Desktop::KDEActivity::Util provides a tiny, focused set of Perl helpers for working with KDE Activities from scripts and small tools. It exposes functions you can optionally import to read the current activity (by name or GUID), list all known activities, and switch the current activity by name while handling the GUID translation that KDE tools often require. Each function returns an enveloped result as an array with an HTTP-like status code, a human reason string, an optional payload and optional metadata so callers can detect and handle errors cleanly. The functions are simple to use from command line utilities or automation tasks and are exported only on request. The 0.002 release is a small maintenance update that removes some old vestigial code.

OpenAPI::Modern is a Perl helper that validates HTTP requests and responses against OpenAPI v3.0, v3.1 and v3.2 documents and returns a JSON::Schema::Modern::Result describing errors and the deserialized request or response data, so you can check conformance and extract typed parameter and body values easily. It works with common web request/response objects by converting them to Mojolicious messages, provides validate_request and validate_response helpers, can locate the matching path/operation in your spec, follow $ref chains to fetch referenced components, and can optionally populate defaults into the deserialized data. The distribution bundles up-to-date OpenAPI metaschemas and supports media-type decoding, rich parameter styles including query and cookie parsing, and caching-friendly loading for preforked apps. The author notes a few unimplemented areas to be aware of, such as multipart and application/x-www-form-urlencoded encoding and no built-in verification of Authorization headers, but most typical API validation needs are covered. Recent updates include trying to decode message content even when the best-matching media type is "*/*", stricter load-time validation of path and server templates, and removal of some hard dependencies to reduce runtime requirements.

Term::ANSIEncode is a Perl module that turns a simple token-based markup into ANSI escape sequences so you can produce colored, styled and cursor-controlled terminal output without hand-crafting escapes. You write text with tokens such as [% RED %], [% BOLD %], [% LOCATE 10,5 %], BOX/ENDBOX and WRAP/ENDWRAP blocks and the module emits the appropriate sequences, including 24-bit RGB colors and a large set of Unicode symbols when the terminal supports them. The distribution also provides a command-line tool (ansiencode) and options to use an abbreviated symbol table for faster startup or the full table for richer graphics, and recent releases have focused on expanding tokens, improving Unicode and truecolor detection, and speeding up output. If you need portable, tokenized control of colors, cursor movement, simple frames and text wrapping for terminal UIs or ANSI art, this module is a practical choice.

HTTP::Session is a lightweight, PSGI-friendly session manager that provides a simple, pluggable API for storing and managing web session data using interchangeable storage backends (memcached, CHI, file, in-memory, etc.) and state mechanisms (cookies, URI, mobile IDs). It exposes straightforward methods to get, set, remove and enumerate session keys, expire or regenerate session IDs, finalize commits, and apply filters to HTML, redirects and headers before responses are sent. The module supports configurable session-ID generators and cookie options like HttpOnly and SameSite, making it easy to slot into existing Perl web apps, but it is now deprecated in favor of Plack::Middleware::Session and will no longer be maintained. Recent updates hardened session ID generation by using Crypt::URandom for unpredictability and fixed related vulnerabilities, and improved memcached ID validation.

Net::Nostr is a full-featured Perl implementation of the Nostr protocol that provides both a WebSocket client and a relay server plus a rich set of helper modules for identity, event creation, signing and validation. Start with Net::Nostr::Key for identity management and Net::Nostr::Event for building and verifying events, then use the client to connect to relays or run Net::Nostr::Relay to host one. The distribution implements a wide range of NIPs to support direct messages, encrypted payloads, channels, media attachments, wallets and payments, relay discovery and management, lists and filters, remote signing and many other protocol extensions so it is suitable for building clients, bots, relays or integrations in Perl. Recent releases tightened UTF-8 and byte-level handling for event serialization and message parsing to avoid malformed or wide-character JSON, and added improved TLS support including native TLS listeners and exposed TLS client options for secure wss connections.

MIDI::Util is a small collection of practical Perl utilities for working with MIDI and musical data, designed to complement MIDI::Simple and related modules. It helps you set up a MIDI::Simple score with sensible defaults, convert human-friendly note names and durations into MIDI-ready values, inspect internal MIDI mappings, compute ticks and microsecond timing, and turn scores into low-level event lists. It also generates timidity configuration snippets and can drive timidity or fluidsynth to play a score, so it is handy when you need quick playback or to target a specific soundfont. Nothing is exported by default and functions are grabbed as needed, making it useful for scripts that assemble or analyze MIDI without reimplementing common helpers. Recent releases added a scale_names() helper for compatibility with Music::Scales and cleaned up documentation and playback support.

Email::Abuse::Investigator inspects the raw source of a spam or phishing message and automates the routine work abuse investigators do: it walks the Received header chain to find the likely originating IP and owner, extracts and resolves all HTTP/HTTPS links from text and HTML parts, and pulls domain intelligence such as A/MX/NS records, RDAP/WHOIS registrar and registrant details, and flags like recently-registered or expiring domains. You feed it a raw RFC‑2822 message with parse_email() and then call methods like originating_ip(), embedded_urls(), mailto_domains(), abuse_contacts(), risk_assessment(), abuse_report_text() or report() to get curated, human-readable findings and suggested abuse recipients. The module caches lookups per message and optionally across messages via CHI, supports IPv6, can follow common object-store or shortener redirects when LWP::UserAgent is present, and can use Net::DNS, AnyEvent::DNS and Domain::PublicSuffix to improve accuracy and parallelism. It is practical for analysts and automation pipelines but has a few known limits: body text is not charset-converted, the bundled MIME parser is a lightweight implementation that may drop tricky parts, trusted_relays CIDR matching is IPv4 only, WHOIS rate limits are not retried, and the class is not thread-safe. The code is on GitHub and distributed under GPL2.