CPANscan

File::FStore is a toolkit for managing a hash-based, final-state file repository in the Fellig format where files are treated as immutable and tracked by cryptographic digests and a small set of integrity-focused metadata. It lets you create and open stores, query files by digests, properties or identifiers, run transactions, and perform maintenance tasks like scanning, scrubbing and fixes to repair or rebuild links and metadata. The module integrates with Data::TagDB for richer metadata, File::Information for file analysis and Data::URIID for extraction, and it exposes helpers to add new digests and to run migrations and exports, although some helper methods are marked deprecated and the add_digest API is experimental. Use File::FStore when you need a durable, integrity-checked file store with digest-based lookup and basic lifecycle tools, and use companion modules if you require more extensive tagging or metadata features.

Map::Tube::Generic is a lightweight wrapper that lets you pick a metro network at runtime and then find shortest routes between stations using whatever concrete Map::Tube implementation you choose. You construct it by naming a location or by supplying an existing map object, and most calls are simply delegated to the underlying map module so you get the network features without hardcoding a specific implementation. The module also provides utilities to discover available map modules across namespaces and to check which features a chosen map supports, but XML and JSON map input are not yet implemented. Errors are raised if a requested map module cannot be found or loaded. This is the first public release (version 0.1.0) and is intended for cases where you want runtime flexibility in selecting or enumerating metro network backends.

CVSS is a Perl module for calculating Common Vulnerability Scoring System scores and converting between representations such as vector strings, JSON and XML. It supports CVSS versions 2.0, 3.0, 3.1 and 4.0 and offers both object oriented and simple functional interfaces so you can build metrics programmatically, parse an existing vector string, or generate a vector string from metric parameters. From a CVSS object you can obtain base, temporal and environmental scores, the qualitative severity label and the individual metric values, and the module includes convenience helpers like decode_cvss, encode_cvss and cvss_to_xml. The implementation follows the official FIRST CVSS specifications, is open source, and is listed by FIRST as a community CVSS calculator library.

EV::Websockets is a Perl interface that lets EV-based applications use the native C libwebsockets library to run WebSocket clients and servers without blocking the EV loop. It gives you a Context to manage connections and listeners, high-level connect/listen/adopt calls, and simple callbacks for connect, message, close, error, pong and drain events so you can integrate WebSockets into existing event-driven programs. The module supports TLS, proxies, per-connection headers, connect timeouts, streaming fragmented sends, backpressure control via send_queue_size and on_drain, and a per-connection stash for metadata, and it can adopt sockets from PSGI servers like Feersum. Performance-focused by design, it uses libwebsockets for low latency and high throughput and includes examples and benchmarks. API calls that mutate a gone connection will croak while lifecycle controls like close or pause_recv are safe no-ops in cleanup paths. Recent releases fixed loop-stalling and TLS context issues and a 0.09 update ensures compressed frames using permessage-deflate are correctly reassembled into single messages.

SimpleFlow is a tiny pure-Perl workflow manager and logger that helps make long, error-prone shell pipelines easier to run, debug and reproduce. It exports two helpers, task and say2, where task runs a single shell command while timing it, capturing stdout and stderr, recording exit code and signal, validating declared input and output files, logging a structured record and returning a detailed result hash, and say2 prints a message both to standard output and to a given log filehandle prefixed with the calling file and line number. Tasks are restartable because SimpleFlow will skip a step when all declared outputs already exist, and you can force reruns with an overwrite flag or inspect the plan with a dry run. By default task dies on a nonzero exit or missing outputs but you can disable that to handle failures yourself. SimpleFlow runs commands via Perl system calls so making the commands portable across operating systems is your responsibility, while the module itself includes sensible cross-platform handling for exit decoding and terminal color. It is lightweight, easy to drop into existing Perl scripts, and aimed at improving reproducibility and traceability of shell-based workflows.

Tk::ListEntry is a lightweight Tk widget that acts like BrowseEntry but without a separate button, so clicking the text field itself pops up a selectable list. It supports all standard Entry options and adds convenient features such as a -command callback fired on Return or item selection, an optional -filter mode to live-filter list entries, a -motionselect flag to pick items on hover, and the familiar -popdirection and -values behavior from PopList. The module exposes Entry and List subwidgets and a validate method to check whether the current text is one of the allowed values. Recent updates simplified event handling by using Enter and Leave to relax the global grab and removed prior workarounds, improving the reliability of the pop-up interaction.

CPAN::Maker is a command line tool that helps Perl authors build a CPAN distribution from their project by reading a YAML "buildspec" and producing a Makefile.PL and a packaged tarball, typically by invoking a supplied bash helper called make-cpan-dist. It can scan your modules and scripts for dependencies, include executables and extra files, populate META information and resources, and validate a buildspec against a JSON Schema so it is useful in repeatable builds and CI pipelines. The tool normalizes common buildspec key styles and can auto-generate dependency lists or accept cpanfile-style inputs, and it honors environment flags such as PRESERVE_MAKEFILE to keep the generated Makefile.PL, SKIP_TESTS to avoid running tests, and DEBUG for verbose diagnostics. If you want an automated, configurable way to assemble a CPAN release from a project tree without hand-editing Makefile.PL, CPAN::Maker provides that workflow. In the recent 1.9.3 release the script was made friendlier to embedding and testing by returning from its main path instead of forcibly exiting, and a bug in man-page link generation was fixed.

CLI::Simple is a focused, object-oriented base class for building Perl command line tools that need options, subcommands, and positional arguments. It is built around the modulino pattern so a module can also be run as a script, it auto-creates getter/setter accessors for options, integrates with Log::Log4perl for logging, and provides handy internal commands to generate bash completion, dump a YAML manifest of your interface, scaffold role stubs, and migrate legacy scripts. For larger projects it supports a role-based workflow declared in a YAML manifest where each command is implemented as a Role::Tiny role, letting you move from a single-module script to composable roles incrementally. The module deliberately keeps dependencies small and does not impose a heavyweight framework, making it a good fit for internal tools, admin scripts, and any CLI where you want just enough structure without complexity. Recent 2.0.x work introduced the role and scaffolding features and the 2.0.7 release includes small packaging tweaks such as changing the default modulino install path to the system site bin.

Font::FreeType is a Perl wrapper around the FreeType2 library that makes it easy to load font files, inspect font metrics, render glyphs to bitmaps, and extract scalable outlines for use in images, SVG, PDF or layout tools. You work with a small, Perl-friendly API: create a Font::FreeType object, open a face from a font file, set size and resolution, then fetch glyphs by character, code point or name and get bitmap data, outline paths and metric values. The module exposes FreeType load flags and adds higher-level helpers such as iterating glyphs and accessing name tables, character maps and bounding boxes. It requires the underlying FreeType C library and was originally noted as beta, but recent maintenance through 2020 fixed compatibility and loading issues and added convenience features, so it is a practical choice when you need programmatic font access or glyph rendering from Perl.

Zonemaster::Backend is the server-side component for running Zonemaster DNS tests remotely and asynchronously via an RPC API. It lets you decouple test execution from client code so you can submit zone checks, let the backend run them, and retrieve results later, which makes it a good fit for web front ends, automation pipelines, or shared testing services that need to scale or run tests in the background. The module is provided as free software under a 2-clause BSD license.

Zonemaster::LDNS is a Perl binding to the ldns DNS library that gives Perl programs a full-featured resolver for sending and receiving DNS queries, performing zone transfers, and inspecting packets. It exposes a simple object you can construct from system or explicit nameserver addresses and use to run queries by name, type and class, perform reverse lookups, collect AXFR records via a callback, and load zone files, while offering control over common resolver options such as recursion, DNSSEC, EDNS size, retries, timeouts, source IP and port. It also provides utility functions for IDN conversion when libidn2 was present at build time and query helpers that return Zonemaster::LDNS::Packet objects or plain address/name lists, and it will throw exceptions on error so callers can handle failures. The module is maintained as part of the Zonemaster project, is BSD 2‑clause licensed, and the recent 5.1.0 release added support for Extended DNS Errors and updated the bundled ldns to 1.9.2.

Zonemaster::Engine is the core Perl component of the Zonemaster DNS test system that automates a wide set of checks to assess the quality and correctness of a DNS zone. It exposes a simple API for running all tests for a zone or individual test modules and methods, and returns structured log entries while letting you control profiles, logging, caching and recursive lookups. The module also offers helpers for ASN lookups, synthetic test setups such as fake delegation and fake DS records, and utilities to preload or save caches and reset internal state so it integrates well into tooling and automated workflows. If you operate DNS zones, run a registry or build DNS validation tools this is the programmatic engine you would use to run Zonemaster tests. Note that the recent v9.0.0 release removed some deprecated profile properties and changed the format for saved packet serialization and added independent caching for custom recursive lookups so review the upgrade notes before updating.

Zonemaster::CLI provides a simple command line front end for running Zonemaster DNS zone tests from the terminal, so system administrators, domain owners and automation scripts can perform quick checks and diagnostics of domain name configurations. It wraps the Zonemaster engine into commands you can run interactively or call from shell scripts to validate delegation, name server behavior and other common DNS issues, making it easy to add zone validation to troubleshooting and monitoring workflows. The module is free software released under the 2-clause BSD license and is maintained by Vincent Levigneron.

AI::Agent::Skills::SiteKit is a tiny Perl helper that makes it easy to build links and metadata for the AI Agent Skills site at aiagentskills.net. It exports simple functions like skills_url to return the base skills endpoint and search_url to create a search link from a query string. If your script, web app, or bot needs to generate or canonicalize links to AI Agent Skills without hardcoding paths or rolling your own URL logic, this lightweight module gives a straightforward, focused way to do that.

Algorithm::Heapify::XS is a small, fast Perl extension that adds in-place heap primitives for treating ordinary arrays as binary heaps so you can efficiently get or maintain the top element without sorting the whole list. It provides heapify, push, shift, and adjust operations in four flavors for numeric or string ordering and for min or max heaps, plus helper functions to compute parent and child indices. Typical uses are finding the top K items, implementing lightweight priority queues, or adjusting an element whose weight has changed, and all operations work directly on the array and return the current top. The module is implemented in XS for speed and therefore must be built with a C compiler and Perl build tools, and functions are not exported by default so you must request the symbols or use the provided export groups.

PAGI is a modern specification for building asynchronous web applications in Perl and a direct successor to PSGI designed to handle long‑lived protocols like WebSocket and Server‑Sent Events as well as traditional HTTP. It defines a simple, async message-based application interface where your app is an async coderef that receives a scope describing the connection and two async callbacks for receiving and sending events, with explicit backpressure via Futures so streaming and background work are practical. PAGI is the specification only and is intentionally split from the reference server and the application toolkit which now live in the PAGI::Server and PAGI::Tools distributions, though the PAGI distribution still pulls them in temporarily for compatibility. The specification is stable while the reference server and toolkit are considered beta and are recommended to run behind a reverse proxy in production until they are more battle tested. The project ships extensive learning material including a tutorial, cookbook, and migration guide from PSGI and recent changes reorganize the distribution into pure spec POD, add connection metadata flags like response_started and response_complete, document middleware scope cloning semantics, and shift header byte-safety enforcement to the server. If you need to write async-capable Perl web apps that stream, push events, or maintain persistent connections, PAGI is the place to start and you can try it quickly by installing PAGI::Server and PAGI::Tools and running pagi-server.

Data::URIID extracts identifiers and useful metadata from URIs, QR codes and related inputs so your app can display, link and enrich objects with names, thumbnails, icons and canonical IDs. You create an extractor object, call lookup on a URL or other supported input and receive a Data::URIID::Result that exposes identifiers by type and attributes like displayname. The extractor can work offline or perform controlled online lookups, is configurable with a user agent and preferred language tags, and integrates with Data::Identifier and a catalog of service handlers to recognize many URI schemes, tag and acct URIs, digests, barcodes and common well known IDs. Recent updates added explicit support for geo: and ni:// URIs, replaced built‑in ISBN handling with Business::ISBN, improved result casting and added an is_on_earth attribute plus the ability to set the identifier used for Earth. This module is a good fit for systems that need to parse scanned codes or links and reliably map them to canonical identifiers and display information, but note that lookup will die on failure rather than return an empty result.

Crypt::PasswdMD5 is a small utility module for creating MD5-based password hashes compatible with Unix crypt and Apache .htpasswd formats. It supplies unix_md5_crypt and apache_md5_crypt functions for producing the exact hashes used by modern systems and Apache, and a helper random_md5_salt to generate salts when you do not supply one. Use this module when you need to create or validate legacy MD5 crypt password entries or manage .htpasswd files. The author notes it is intended for password authentication and is not a good choice for other cryptographic uses.

Tree::Cladogram turns a simple text description of a tree into a polished cladogram image using either Imager or Image::Magick, making it easy to produce publication or web-ready diagrams from tab-delimited input files (the expected header is "Parent\tPlace\tNode" and skeleton nodes are numbered and hidden). You use it by creating a Tree::Cladogram::Imager or Tree::Cladogram::ImageMagick object with options for fonts, colors, branch thickness, margins, step sizes and output filename, then call run to write an image whose format is chosen from the output file suffix. The distribution includes command-line scripts, sample .clad data and example outputs, and supports the wide range of image formats available to Imager or Image::Magick. The module is practical for researchers, educators, and anyone who needs to convert hierarchical data into readable cladograms, and note that recent maintenance updated the packaging and replaced the LICENSE with a GPL version 2 style license in the 1.05 release.

SPVM::Sys is a comprehensive, portable bridge from SPVM to operating system services that gathers file and directory management, low and high level I/O, file descriptors and stat information, pipes and popen, sockets and networking primitives, select and ioctl, process control like fork, exec, wait, kill and alarm, environment and user/group database access, and time utilities into a single API familiar to Perl users. It wraps many submodules to expose system calls and common filetest operators such as -e, -f, -r and -x, and adds helpers like a cross‑platform TCP keepalive setter. Windows filename handling is done for you with automatic UTF‑16/UTF‑8 conversion. If you write SPVM code that needs direct, portable OS interactions this module provides the low‑level building blocks in a single, consistent package.

SPVM::Net::SSLeay is a native SPVM port of Perl's Net::SSLeay that exposes OpenSSL 1.1.1 functionality to SPVM programs, letting you create SSL contexts, perform TLS handshakes, read and write encrypted streams, inspect certificates and configure callbacks and verification. It models OpenSSL's SSL data structure and includes a broad set of companion classes for X509, EVP, PEM, BIO, PKCS12, error codes and constants so you can work at the same low level as Net::SSLeay or build higher level socket layers like IO::Socket::SSL. The module implements a thread-safe callback mapping so SPVM callbacks can be invoked from native OpenSSL events and it also documents a few behavior details around EOF and error handling to match modern TLS practices. It requires OpenSSL 1.1.1, supports LibreSSL and is actively maintained; the most recent release improved portability and Windows/MSVC support, fixed leaks and warnings, and tightened build and test reliability.

CSS::Minifier::XS is a compact, high-performance CSS compressor that strips unnecessary whitespace and comments while preserving important constructs like copyright notices and the Mac/IE comment hack. It exposes a single easy-to-use function, minify($css), which returns a syntactically safe, smaller CSS string and performs practical reductions such as removing units from zero values and trimming redundant semicolons. Because the heavy lifting is implemented in XS this module runs far faster than pure-Perl minifiers, making it handy for build pipelines or on-the-fly optimization, and the recent 0.14 release fixes a memory leak that could occur when an entire stylesheet minified to nothing.

Data::JPack is a small packaging toolkit that helps Perl developers bundle JavaScript, text and binary assets for web clients so applications can run from local files or be embedded directly into HTML without running a server. It provides a simple server-side API to create packer objects, encode and decode whole payloads or stream them by emitting a header, one or more data chunks, and a footer, and it can produce either external data files or inline embedded content for offline or single-file deployments. The module aims to simplify delivering templated content to browsers and to prepare payloads that work with a client-side companion (Data::JPack::App) and with worker pools for CPU-intensive JavaScript tasks. Configuration options let you point to an HTML container, choose inline versus external packaging, and enable basic compression using the deflate algorithm. Note that the current implementation only supports the "data" package type and deflate is the sole compression option.

Dist::Zilla::Plugin::CycloneDX is a small Dist::Zilla plugin that generates a CycloneDX software bill of materials (SBOM) and includes it in your distribution. It produces an SBOM from the metadata already present in your META files so you can add standardized supply‑chain metadata with minimal fuss. Other Dist::Zilla plugins that implement the CycloneDXSource role can extend what gets included, so the output can be enriched as needed. This initial release is a lightweight way for Perl module authors who use Dist::Zilla to produce CycloneDX output from existing distribution metadata.

Stats::LikeR is a compact toolkit that brings R-like data frame manipulation and a wide range of statistical routines to Perl, letting you read and write CSV/TSV tables, reshape between array-of-hashes, hash-of-arrays, and hash-of-hashes, and run common analyses such as summary statistics, t‑tests, ANOVA, linear and generalized linear models, PCA, chi‑square and nonparametric tests, correlations, and more. It includes helpers for table operations like filter, group_by, assign, csort, add_data and transpose, column-wise utilities such as col2col and vals, random and distribution generators, and conveniences like seq, sample, uniq and value_counts, all designed to feel familiar to R users while working naturally with Perl data shapes. Performance-sensitive pieces are implemented in XS where appropriate and the API supports formula notation for modeling plus a predict routine to score new data. Be aware that many numeric reducers and tests treat undefined values strictly and will die on undef inputs unless handled first, which makes the module strict but helps catch data problems early. If you need R-style data wrangling and statistics inside Perl without switching languages, this module is highly relevant.

Test::Mojo::Role::OpenAPI::Modern adds OpenAPI-aware validation helpers to Test::Mojo so you can assert that HTTP requests and responses from your Mojolicious app conform to an OpenAPI document. You give it an OpenAPI::Modern object or let it pick one up from your app configuration and then use simple test methods like request_valid and response_valid, their inverse forms that can match specific error messages, and operation_id_is to check the invoked operation. It can return or print the JSON::Schema::Modern::Result objects for diagnostics and has a test_openapi_verbose switch to automatically dump validation failures. Note that for testing you should use a relative openapi_uri so test request URIs match the spec. This role is a straightforward way to bring OpenAPI and JSON Schema validation into your Test::Mojo suite.

SBOM::CycloneDX is a Perl library for creating, manipulating and validating OWASP CycloneDX software bills of materials. It exposes rich object models for components, services, dependencies, vulnerabilities, metadata and other CycloneDX concepts so you can build a BOM programmatically, serialize it to CycloneDX‑compliant JSON and validate it against the spec. The module supports CycloneDX versions 1.2 through 1.7 and includes convenient helpers for adding dependencies, finding components by PURL or bom-ref and converting BOMs to hashes or strings. The latest updates deprecate SBOM::CycloneDX::Vulnerability::Source and SBOM::CycloneDX::Issue::Source and make JSON::Validator based tests optional, and the distribution is useful for developers, security teams and build or CI tooling that need to generate or audit SBOMs for supply‑chain and compliance workflows.

constant::string is a tiny Perl pragma that lets you declare string constants whose values are the same as their names so that a symbol like FOO evaluates to the string "FOO" without you repeating the literal. You pass it a list of identifiers and it installs compile-time constants in the caller, leveraging Perl's built-in constant pragma so the values are inlined and efficient rather than being ordinary runtime sub calls. It is handy when you want simple symbolic tokens, event names, labels, or enum-like values without typing the strings repeatedly. Initial release: 2026.26.

Clownfish is a lightweight "symbiotic" object system and code generator designed to make it easier to build high‑performance language extensions in C and expose them cleanly to other host languages. It provides a small runtime with core data types and a root Obj class, plus a compiler called CFC that generates C headers, host-language bindings, initialization glue and documentation from simple Clownfish class descriptions. The system supports single inheritance, virtual dispatch, lazy creation of host objects, introspection and guaranteed ABI stability so you can add or reorder methods and fields without breaking binary compatibility. Clownfish is already used by the Apache Lucy project and offers feature‑complete support for C and Perl 5, experimental Go bindings and early work for Python and Ruby, making it a good fit if you need modular, fast bindings or a shared C library with cross‑language APIs. The recent 0.6.4 release fixes clang warnings that blocked installation on macOS, and ongoing work aims to broaden host language support and add interface features.

Clownfish::CFC is the compiler component for the Apache Clownfish system that developers use to turn Clownfish interface descriptions into the C runtime, language bindings, and documentation needed to build or embed Clownfish-based libraries in other languages. This is an alpha release whose public API has been intentionally cloaked, so internal interfaces may change and the module should be treated as experimental. It is distributed under the Apache License 2.0 and has an active changelog addressing build and portability issues across platforms and host languages; the most recent fix removes clang warnings that previously prevented installation on macOS. If you work with Apache Clownfish or need an automated way to generate multi-language bindings and C glue code, this is the tool you would use, but expect evolving behavior while the project matures.