CPANscan

Object::HashBase is a lightweight utility for quickly building hash-based Perl objects by auto-generating a new() constructor, attribute constants and accessor methods from a simple list of field names. You declare attributes when you use the module and it creates getters, set_foo setters and FOO constants, with modifiers for read-only, write-only, deprecated setters, constant-only fields and the ability to opt out of XS generation. It supports hashref and arrayref constructors, single inheritance with inherited constants, class-level hooks for pre- and post-init initialization, and a helper to list a class's attributes. If Class::XSAccessor is installed accessors are generated in XS for speed but that can interfere with taking direct scalar references to the underlying hash slots in rare cases. Recent changes added Class::XSAccessor support, expanded init hook functionality and fixed a double-import bug.

Sys::OsRelease is a lightweight Perl helper that reads the standard /etc/os-release file defined by freedesktop.org and exposes the system or distribution identity to Perl programs, providing a singleton instance with auto-generated read-only accessors for common fields like ID, NAME, VERSION_ID and ID_LIKE plus methods to check and retrieve arbitrary attributes and the file path. It keeps dependencies minimal, lets you tweak the search path or recognized common platform names, and is useful for installers, container tooling and scripts that need to detect OS type on Linux and BSD systems while falling back to Perl's $Config{osname} if no os-release file is present.

Qmail::Deliverable is a Perl module for qmail-based SMTP servers that quickly checks whether a local email address is actually deliverable by applying the same address-to-user and .qmail logic qmail uses. It exports handy functions like qmail_local, qmail_user, dot_qmail and deliverable, and ships with a root-run daemon (qmail-deliverabled) plus a client for use from unprivileged SMTP daemons, so you can reject unknown recipients early and avoid wasting resources on spam scans or generating backscatter. The deliverable call returns fine-grained status codes that indicate not deliverable, temporarily undeliverable, unknown, or various positive delivery indications, and it includes special handling for vpopmail and common Plesk bouncesaying cases. The module intentionally fails safe for .qmail files that run programs so catch-all or program-based deliveries are treated as deliverable, and it has some limitations such as no support for user+ext syntax beyond hyphen, no percent-hack handling, plain-text control file use rather than CDB, refusal of non-ASCII addresses, and relatively limited production history. It is fast in normal setups with thousands of checks per second and offers an experimental caching path for much higher throughput.

Dist::AutomationPolicy is a small helper for Perl distribution maintainers who want to publish machine-readable policies about automated code and contribution workflows, making it easy to generate and validate the CPAN-META/automation-policy.json file that describes how code is produced, whether third-party bots may file issues or patches, and what repository actions automated agents are allowed to perform. The module provides a simple constructor, a set of predefined templates for common stances such as no_automation, human_supervised or full_automation, validation against the schema, and convenient to_json and from_json methods so you can produce or read the policy file from your build or release tooling. It supports the initial v1 policy schema, complements human-readable AI_POLICY.md or CONTRIBUTING.md files, and is aimed at projects that want a clear, machine-readable signal of their automation practices. This is an initial prototype released to CPAN with source and issue tracking on GitHub and requires Perl 5.24 or later.

Text::JSCalendar is a small Perl utility that maps between traditional iCalendar (RFC 5545) and the newer JSCalendar format so you can parse, compare, normalize, and serialize calendar events in Perl. It converts vCalendar text into Perl event structures and turns one or more events back into an iCal string, provides a cached timezone lookup for speed, a NormaliseEvent helper that removes default-valued fields, and a CompareEvents routine to test equality. This module is useful when you need to bridge CalDAV or iCalendar-based systems with JSCalendar-aware clients or tooling, and it aims to make format conversions and simple event operations straightforward.

Matplotlib::Simple is a Perl convenience layer that turns Perl data structures into Python3 matplotlib scripts and images, saving editable Python files (by default under /tmp) and optionally running them, so you only need python3 and matplotlib installed. It exposes a compact Perl API for common chart types — bar, barh, boxplot, hexbin, hist, hist2d, imshow, pie, plot, scatter, violinplot and colored tables — and supports single plots and multi subplot layouts, colorbars, labels, log scales, shared colorbars, and many matplotlib options via a Perl-friendly options hash. You supply hashes, arrays or nested structures as data and configure per-plot settings like colors, figure size, axis labels and annotations without writing Python code. The module aims to make common plotting tasks much easier than using raw matplotlib and lets you either execute the generated script or keep it for manual editing and faster batch generation.

Mail::Make is a strict, RFC-aware MIME email builder for Perl that gives you a fluent, chainable API to assemble messages with plain text, HTML, inline images and file attachments. It automatically picks the correct MIME structure for alternatives, related inline parts and mixed attachments, encodes non-ASCII headers correctly, and can rewrite and embed external HTML assets into cid inline parts or fetch and cache them for you. You can produce the message as a string, a scalar reference or stream it directly to a filehandle to avoid memory bloat, and the module can submit mail via SMTP with authentication and TLS options. It also provides OpenPGP and S/MIME helpers for signing and encryption, with GPG delegated to the gpg executable and S/MIME using Crypt::SMIME which requires the full message in memory. If you want a high level, validating way to build and deliver complex MIME emails from Perl, Mail::Make is a practical and well featured choice.

RT-Extension-ToggleTheme is a small RT 6 plugin that adds a light/dark mode toggle to the web interface navigation bar so users can switch the UI between light and dark appearances. It works with any Bootstrap 5 theme and displays for users who hold the ModifySelf right, appearing in both the privileged and self-service portals. The extension is installed as a standard RT plugin and enabled in RT_SiteConfig so users can choose their preferred theme without altering system styles. Recent updates removed an Elevator-only restriction and ensured the toggle works across all Bootstrap 5 themes and in the self-service interface as well.

WWW::Vonage::API is a lightweight Perl client that simplifies calling Vonage's REST APIs by wrapping endpoint construction, HTTP verbs, JSON encoding, and basic authentication into a single object. You create a WWW::Vonage::API instance with your API_Key and API_Secret and then call GET, POST, PATCH, PUT or DELETE with the resource path and a Perl hashref payload; GET payloads become query strings and other verbs send JSON bodies. The module understands Vonage's varied domain, region and version patterns and lets you set API_Domain, API_Region or API_Version globally or per call, and responses are returned as a hashref containing the raw content, HTTP code and message for you to inspect. Most features in the Vonage platform are accessible, including messaging, reports, accounts and voice, but note that only Basic Authentication is implemented at this time and JSON Web Token based calls are not yet supported. This release is the initial import of WWW::Vonage::API.

Mojo::SQL is a small Perl helper for building SQL queries safely and modularly. It converts each ? in your SQL into a bound parameter to prevent SQL injection and lets you compose partial statements recursively so you can build dynamic WHERE clauses and reusable fragments. Use sql() to create safe, bindable statements and sql_unsafe only when you need to insert already-escaped SQL, with provided PostgreSQL helpers escape_literal and escape_identifier to help with that. You can also change the placeholder character for databases that do not use numbered placeholders. The module produces objects exposing final SQL text and bound values for use with DBI or other drivers and is part of the Mojolicious ecosystem under the MIT license.

Getopt::WonderBra is a small Perl utility that parses command line arguments the way the classic Unix getopt program does, which makes it useful when porting shell scripts to Perl or when you need traditional getopt behavior. It provides a single exported getopt function that separates short flags, options with arguments, and long options and returns the leftover parameters, and it wraps your main::help and main::version handlers so that --help and --version produce the expected output on the correct stream and then exit. Note that the module deliberately replaces main::help with a wrapper that exits the program, so calling help after using getopt will terminate execution by design to ensure correct behavior with piping and error messages. The module is lightweight and was first released as version 0.01.

GDPR::IAB::TCFv2 is a Perl library for decoding and inspecting IAB Transparency & Consent (TCF) version 2 strings, returning an immutable object with easy access to fields like creation time, CMP id and version, language, policy version, vendor list version, and predicates for purpose consent, legitimate interest, vendor consent, disclosed or allowed vendors, special-feature opt-ins, and publisher restrictions. It provides TO_JSON serialization with configurable output shapes, a companion Validator class for policy-driven checks against vendor profiles, and a command-line tool (iabtcfv2) with dump and validate subcommands plus a Docker image for pipeline use. Parse validates base64url strings, supports a strict TCF v2.3 mode, vendor prefetching for range-based encodings, and JSON formatting options for compactness, booleans, and date handling. The project entered maintenance mode with the v0.400 release on 2026-05-09, marking the core parser, validator, and CMP-validator surfaces as feature-complete for TCF v2.3 while continuing to receive bug and security fixes and accept community patches for the remaining roadmap items. If you need to programmatically read, serialize, or validate TCF v2 consent strings or integrate consent checks into tooling and CI, this module is a direct fit.

Module::Generic is a heavyweight base class and utility toolkit you can inherit from to build feature-rich Perl objects quickly, with a consistent error and logging model, typed accessors, dynamic object creation and convenient serialization. It supplies dozens of helper "_set_get_*" methods for common types such as scalars, numbers, booleans, datetimes, UUIDs, IPs, URIs, files, arrays and nested object classes and it can generate full Perl packages on the fly via create_class so you can declare methods and nested types with very little boilerplate. The module also provides AUTOLOAD-based dynamic accessors that map hash keys to methods, an as_hash exporter for JSON-friendly data, robust serialize/deserialise support for Sereal, CBOR, Storable::Improved and JSON, flexible coloured terminal output and message logging helpers, and an error/exception system that returns exception objects and a null object for safe chaining. Recent releases added an XS backend that accelerates a dozen hot helper routines while falling back to pure Perl when no shared library is available and the latest release added small file-related helpers in Module::Generic::File. Note that some metaprogramming features such as dynamic class creation and symbol injection carry thread-safety caveats and are intended to be used during initialization rather than concurrently at runtime.

IPC::Manager is a lightweight framework for local interprocess messaging that lets processes on a single machine create or connect to a shared data store and exchange message objects without a central broker. You create a datastore with ipcm_spawn and share the returned connection string so other processes can ipcm_connect and send or receive IPC::Manager::Message instances, with the store able to be temporary or persistent. The module picks a suitable transport automatically or lets you choose from several client protocols including filesystem pipes and unix sockets or DB-backed stores for MySQL, PostgreSQL, SQLite and others, and it supports pluggable serializers with sensible defaults such as JSON::Zstd when available. It also provides helpers to fork managed service and worker processes that join the IPC bus and it will notify clients and clean up when a temporary store is shut down. Use it when you need reliable local message passing between multiple processes without running an external messaging server.

EMDIS::ECS is a mature Perl implementation of the EMDIS Communication System that automates secure, auditable exchange of structured messages and documents using encrypted email and, optionally, AMQP messaging. It wraps PGP/GnuPG encryption, SMTP for sending and POP3/IMAP or DIRECTORY for receiving, and provides utilities like ecstool and ecs_scan_mail plus Docker setups for testing and deployment, while managing node state, sequencing, retransmit requests, and document exchange. The module is useful if you need an interoperable, configurable messaging transport for partner-to-partner data transfer where encryption, message sequencing, and administrator notifications matter; it expects you to provide or configure mail servers and OpenPGP key material. Recent updates added AMQP and document exchange support, modern OAuth2/SASL options for cloud mail providers, improved gpg pinentry handling, and timing controls (T_INBOUND) to make short-lived runs such as Lambda-friendly executions behave predictably.

Radamsa is a Perl 5 module that provides simple bindings to the Radamsa mutational fuzzer so you can produce fuzzed variants of byte strings from Perl code. It exposes a one-off function, mutate, and an object-oriented interface via new, accepts options such as seed and max_len, and returns mutated outputs you can feed into parsers, protocols, or file readers for robustness testing. The CPAN distribution includes a vendored Radamsa C source so installation does not require fetching the original toolchain. Note that the underlying library keeps internal mutation state between calls so a fixed seed influences but does not guarantee identical byte-for-byte results across repeated calls in the same process. This module is useful for developers and testers who want to automate generation of malformed or unexpected input to exercise error handling and find bugs.

Masscan::Client is an object-oriented Perl wrapper around the external masscan port scanner that makes it easy to build scans, run them and parse masscan's JSON output into native Perl data structures. You construct a client, add hosts, single ports or ranges and extra masscan arguments, configure options like the binary path, name servers, verbosity and whether to run with sudo, then call scan and read structured results that list timestamps, IP addresses and open ports with details. The module handles validation, logging via Log::Log4perl and DNS lookups, and it discovers the masscan binary from your PATH if you do not set it explicitly. It is ideal if you want to orchestrate masscan from Perl code and consume results programmatically, but it does require the external masscan executable and the runtime privileges needed to execute it.

SQL::SimpleOps is a lightweight Perl utility that builds and runs common SQL operations so you can write concise code for inserts, updates, deletes and selects without handcrafting SQL each time. It wraps DBI for MySQL/MariaDB, PostgreSQL and SQLite and also supports a generic DSN mode so you can swap engines with minimal code changes. The module offers a constructor-driven configuration or a JSON config file, an aliases table to map friendly names to real tables and columns, flexible where and having clause builders, and convenient result buffering into arrayref, hashref, scalars or callbacks with extra options for keyed hashes, reversed order and index lists. Advanced features include SelectCursor for cursored pagination, SelectSubQuery for building subqueries, a plugin hook model for custom drivers or preprocessing, and options to log messages to stderr or syslog and to save executed SQL to disk for debugging or recovery. It is a command builder and executor rather than a SQL parser so you should already be familiar with SQL and DBI. Recent releases added explicit DSN and standard DBI connector support, an alias_with_as option, ignore_plugin and message warning controls, and improved plugin error handling.

Net::CIDR::Lite is a lightweight Perl module for efficiently collecting, merging and querying IPv4 and IPv6 CIDR ranges and plain IP or hyphenated ranges. You create a CIDR list object, add ranges or single addresses, and then produce a compact set of merged CIDR blocks or hyphenated ranges, or test whether an IP is contained in the set; it also offers a "spanner" helper to label multiple range sets and test many addresses against them in bulk. The library is designed as a faster alternative to Net::CIDR for large inputs, with caching and an optional binary-search mode to speed repeated lookups and methods to normalize or clean addresses. The author notes basic input validation is performed but warns garbage in, garbage out if you need stricter checks. Recent releases include important security hardening and parsing fixes that tighten input validation by rejecting tricky inputs such as Unicode digits, trailing newlines and zero‑padded masks, and by correcting IPv4‑mapped IPv6 parsing and other IPv4/IPv6 edge cases.

TOML::Tiny is a minimal, pure-Perl TOML parser and serializer that implements TOML v1.0 and provides both simple procedural functions and an object API for easy integration. It converts TOML documents into native Perl data structures with tables as hashes and arrays as arrayrefs, maps booleans to 1 or 0 by default, and emits datetimes as RFC3339 strings unless you supply an inflate_datetime hook to create DateTime objects. Large integers and floats that do not fit native Perl types are returned as Math::BigInt or Math::BigFloat but can be handled by custom inflate_integer and inflate_float callbacks. The module aims for compatibility with the older TOML modules while defaulting to somewhat stricter parsing, supports binary, octal and hex integers and special float values like inf and nan, and reports syntax errors by dying in scalar context or returning undef and an error message in list context. Overall it is a lightweight, dependency-light choice if you need a straightforward TOML reader and writer in Perl.

YAML::LibYAML is a Perl interface that gives you fast, standards-compatible YAML serialization and deserialization by binding Perl to the libyaml C library through XS. The CPAN distribution name is YAML-LibYAML but the module you should consult and use is YAML::XS, whose documentation covers installation and usage. If you need to read or write YAML from Perl and want solid performance and a battle-tested implementation, this module is a good fit.

Crypt::HSM is a Perl wrapper for PKCS#11 libraries that lets Perl programs talk to hardware security modules, smartcards, or software token providers such as SoftHSM. It models providers, slots, tokens and sessions so you can load a PKCS#11 library, enumerate slots, open authenticated sessions, find or use keys stored on the token, generate random data, and perform common cryptographic operations like encrypt, decrypt, digest, sign and verify without wrestling with low level PKCS#11 calls. Use Crypt::HSM->load('/path/to/lib') to start and then work with sessions and streams to integrate token-backed cryptography into your Perl applications.

CryptX is a comprehensive Perl cryptography toolkit that bundles the LibTomCrypt and LibTomMath libraries and exposes a family of focused modules for hashing, symmetric and asymmetric ciphers, authenticated encryption, MACs, key derivation, secure random generation, UUID helpers, and ASN.1 parsing. It is the distribution entry point rather than a single API, so in real code you pick the concrete modules you need such as Crypt::AuthEnc::ChaCha20Poly1305 for AEAD, Crypt::Digest::SHA256 for hashing, Crypt::PRNG for secure random bytes, Crypt::PK::Ed25519 or X25519 for modern public-key operations, and Crypt::KeyDerivation for Argon2/PBKDF2-style work. The documentation offers practical guidance on algorithm selection and sensible defaults so you can favor AEAD modes and modern choices like ChaCha20-Poly1305 or AES-GCM where appropriate, while still supporting legacy algorithms for interoperability. Errors are reported via exceptions for most APIs and some AEAD decrypt/verify helpers return undef on authentication failure, so check the concrete module docs for exact behavior. The distribution also includes Math::BigInt::LTM as a big-integer backend. Recent releases added ASN.1 parsing, nonce-misuse-resistant SIV and XChaCha20-Poly1305 AEADs, Ed448/X448 support, new XOF digests (TurboSHAKE and KangarooTwelve), additional stream ciphers and SM4, and various security and hardening fixes.

Archive::Tar is a pure-Perl, object-oriented toolkit for creating, reading, inspecting, modifying and extracting tar archives. It models an archive as a collection of Archive::Tar::File objects so you can add files or raw data, rename entries, change modes and owners, list contents and write the result out as plain or compressed tarballs using gzip, bzip2 or xz when the supporting modules are present. For large archives it offers an iterator to process entries without loading the whole archive into memory and convenience class methods that stream extraction directly to disk. The module exposes runtime switches for safety and compatibility, for example to prevent directory-traversal during extraction, to control whether chown/chmod are applied, and to tune symlink handling and long-path behavior. Because it is implemented in Perl it is highly portable and scriptable but will usually be slower and more memory intensive than the native tar utility. In the latest updates hardlinks are no longer extracted by default and an EXTRACT_HARDLINK flag was added so you can opt in, and when hardlinks are extracted they now follow the same chown and chmod rules as symlinks.

Win32::Process is a Perl interface to the Win32 API for creating and controlling Windows processes, letting you spawn programs, open handles to existing processes, suspend and resume execution, set or read priority and processor affinity, kill processes, wait for termination, and retrieve exit codes and PIDs. It exports a set of familiar CreateProcess flags and priority constants and supports creating a process by executable path or by supplying a command line for PATH lookup, while Open lets you attach to an existing PID (note Open-created objects cannot suspend or resume). The module handles Windows quirks such as STILL_ACTIVE exit codes, provides GetCurrentProcessID that returns the Windows PID on Cygwin, and exposes affinity controls where supported by the OS. Recent updates clarified Wait()’s return semantics, fixed KillProcess on newer toolchains, and allowed Create()’s appname and cmdline arguments to be null so the command can be resolved via PATH. Use this module when you need programmatic process lifecycle and management from Perl on Windows.

Win32 is a Perl module that exposes a broad set of Windows API calls to Perl scripts, making it easy to query OS and hardware details, manipulate files and paths, control console code pages, inspect process and thread identifiers and privileges, show simple GUI message boxes, initiate system shutdowns, generate GUIDs, and perform basic HTTP downloads via the WinHttp library. It provides convenient wrappers for common tasks such as creating files and directories, converting between long, short and ANSI path names, retrieving special folder locations, and getting detailed OS name and version information, so you can interact with Windows system features without writing native code. The documentation notes important caveats around Unicode and short 8.3 path name handling on modern volumes and also calls out a few deprecated functions while recommending Win32::API or Win32::Process for more advanced DLL or process control. HttpGetFile supports only http and https and does not support authentication and a small number of functions are only available in specific builds such as ActivePerl. If you write Perl on Windows and want a ready-made toolkit for common Win32 operations, this module is a practical starting point.

Text::Template::Permute is a small Perl helper for generating multiple variants of a block of text from a simple template language using directives like {{pick: ...}}, {{pick once: ...}}, {{permute: ...}} and {{comment: ...}}; you write a template with options and the module expands those into different text permutations via its process method, which is useful for creating prompt variations, test data, localized strings, or marketing copy. It is intentionally lightweight and geared toward programmatic generation of many text variants without a heavy templating engine. The module is new and minimal, and the recent 0.002 release swapped out a dependency so single-argument permutation cases work correctly by using Permute::Unnamed instead of Set::CrossProduct.

Plack::Middleware::Statsd is a Plack middleware that collects common web metrics from a PSGI application and reports them to a statsd server, letting you monitor request counts, response times, content types, status codes, request sizes, worker PIDs and a few other useful signals without changing your app code. It requires a statsd client such as Net::Statsd::Tiny and exposes that client via the PSGI environment so other middleware or frameworks like Catalyst can emit their own metrics, and you can tweak sampling rate or supply wrapper callbacks for increment, timing and set_add calls. There is an option to catch and handle fatal errors so metrics continue to be emitted, and it integrates with tools like Plack::Middleware::SizeLimit for process metrics. Known caveats are that nonstandard HTTP status codes may not be recognized and it does not instrument the psgix.informational callback, and the module requires Perl v5.20 or later. This module is a practical choice if you want lightweight, configurable statsd reporting for a PSGI/Plack application.

Catalyst::Plugin::Statsd lets a Catalyst web application emit timing and usage metrics to a statsd server so you can monitor response times, profiling points and other Catalyst::Stats data in your existing metrics pipeline. It plugs into Plack::Middleware::Statsd, exposes a statsd_client accessor and a statsd_metric_name_filter you can override to control which metrics are sent and how names are formed, and you can turn off the human-readable stats report if you do not want it in your Catalyst log. The module is intended for developers who already use Catalyst and statsd and works with clients such as Net::Statsd::Tiny, it requires Perl 5.20 or later and warns that heavy profiling can increase database size. Note the important security change in v0.10.0: reporting of raw session ids is now disabled unless the middleware supports secure set logging to avoid leaking authentication tokens, so follow the SECURITY section when you need to count unique sessions. Source and issue tracking are available on the project GitHub.

JSON::Schema::Modern is a full-featured JSON Schema validator for Perl that evaluates Perl data structures or JSON text against JSON Schema documents up through the Draft 2020-12 specification. It returns rich Result objects and provides many knobs for real-world use, including per-schema specification version selection, several output formats, short-circuiting, recursion depth limits, optional format validation, custom format and media-type/encoding handlers, vocabulary extension, caching for large documents, and an option to collect or populate default values. You load schemas or document objects into its internal index and call evaluate or evaluate_json_string to get detailed error and annotation information, which makes it a good fit for validating API contracts such as OpenAPI. Note that it will not automatically fetch schemas from the network or disk for you, some format validators rely on optional CPAN modules, and you should use a reliable JSON decoder such as Cpanel::JSON::XS and avoid running untrusted schemas because embedded regular expressions and numeric operations can be expensive or risky. Recent notable updates include a complete refactor of media-type handling to a shared singleton with improved charset and parameter support and a small configuration rename from max_traversal_depth to max_depth.