CPANscan

HTML::Parser is a mature, event-driven HTML parsing library for Perl that breaks an HTML document into markup and text and invokes user-supplied handlers as it recognizes start tags, end tags, text, comments, declarations and processing instructions. It is built to tolerate the messy HTML found in the wild and offers many options to mimic browser behaviour or to follow stricter XML/HTML rules, supports streaming/chunked parsing and parse_file, provides UTF-8 and XML modes, and lets you control exactly what data each callback receives via a flexible argspec. The module includes tag- and element-based filters to reduce callback overhead, is easy to subclass, and is well suited for tasks like extracting or transforming links, stripping comments, or building higher-level HTML tools. This is a long‑lived, actively maintained module and recent releases fixed a serious memory safety issue (CVE-2026-8829) and updated internal UTF-8 handling.

Tstregex, provided as the command-line tool tstregex and as a Perl module, helps you diagnose why a Perl regular expression did not match by finding the longest partial match and pointing to the exact character and regex token where matching stopped. It pre-parses delimiters and modifiers, runs a "nibbling" search over progressively smaller subpatterns, and returns an easy-to-read diagnostic that highlights the failing portion of the input, shows the offending token, and reports execution time to help spot pathological backtracking or ReDoS risks. You can use it interactively from the shell for quick checks or embed its API in scripts to initialize a regex context, run tests, and retrieve match length or failure token programmatically. The module is cross-platform tested and production-ready, and a recent release renamed the package to Tstregex for correct MetaCPAN indexing while keeping the user-facing tstregex script name.

Amazon::API is a lightweight Perl base class that makes it easy to call AWS service APIs either directly or by generating service-specific subclasses from Botocore metadata with the bundled amazon-api tool. It handles credential discovery and signing, supports common content types and pagination, decodes JSON and XML responses by default, and provides configurable debugging and error-handling behavior so you can fetch raw responses when serialization fails. You can use it as a DIY gateway for a single service or build full Perl service stubs and shape classes from Botocore to get correct request and response serialization. The author notes there can still be serialization edge cases and quirks across different AWS protocols, S3 is not a target for this module, and Paws may be a better choice if you want a fully featured, community-maintained SDK, but Amazon::API is a practical, lower-dependency option when you need a compact way to call one or a few AWS services.

Sereal::Decoder is a high-performance Perl module that turns Sereal binary blobs into native Perl data structures, aimed at fast, compact serialization for caching, IPC, storage, and networked services. It provides both object-oriented and functional APIs, supports compressed payloads (Snappy, Zstd, zlib), can incrementally parse streams, and offers safety and tuning options such as UTF-8 validation, limits on recursion, string/array/hash sizes, and the ability to refuse or neutralize deserialized objects. The module also understands Sereal headers, can decode from files, and includes helpers to quickly detect likely Sereal packets. If you accept data from untrusted sources you can enable strict options to avoid thaw callbacks or compression handling. Recent releases add support for protocol 5 and include important robustness and security fixes, so follow the guidance to upgrade the decoder before upgrading the encoder.

Net::OpenSSH::More is a practical extension of Net::OpenSSH that adds higher-level conveniences for scripting and automation over SSH, making repeated remote commands, file writes and backups, and orchestration much easier. It can keep a persistent remote shell via Expect for faster command execution, auto-manage temporary control paths to avoid leftover files, stream and prefix command output for test harnesses, run locally written Perl subroutines on the remote host via a serialized eval, cache SFTP sessions, and provide shortcuts for common admin tasks plus hooks to run cleanup on object destruction and automatic reconnection on failure. The module is focused on usability rather than low-level plumbing, but the author notes some caveats: the persistent shell is bash-only and can hang on unterminated heredocs or long silent commands and may time out, the portable copy method is not implemented so platform-specific subclasses are needed for safe remote copying, stderr may be merged with stdout in non-persistent mode, and eval_full cannot serialize closures that close over external variables. If you need faster, higher-level SSH scripting with built-in streaming, backup/restore and remote-eval features, this module is likely relevant.

Object::Configure makes it easy to add runtime configuration and fine‑grained logging control to your Perl objects without changing their code by wiring into Config::Abstraction for file and environment settings and into Log::Abstraction for logging. You call configure() from your constructor to merge default parameters with class‑specific, parent and universal configuration files plus environment variables, or use instantiate() to wrap third‑party classes, and you can register objects for optional hot reload so updated config files are applied at runtime on Unix systems. The module focuses on simple, noninvasive integration and supports inheritance so base class defaults can be overridden by child classes, and it preserves coderefs and blessed objects passed as parameters. The recent 0.20 release tightened hot reload reliability by fixing shutdown hangs, corrected reload path handling, improved handling of logger => 'NULL' and preservation of coderefs and object references, and added more complete documentation and tests.

Pass::OTP is a small Perl module for generating standards-compliant one-time passwords using the HOTP and TOTP algorithms. It implements RFC 4226 and RFC 6238 so you can derive HMAC-SHA1 based HOTP codes from a secret and counter or time-step based TOTP codes for time‑based two‑factor authentication. The API exposes hotp, totp and a convenience otp wrapper, and works with Pass::OTP::URI to parse otpauth:// URIs used by Google Authenticator and compatible apps. If you need to produce or verify 2FA codes in Perl for integration with authentication systems or token generators this module provides a lightweight, standards-compatible solution.

Storable::Improved is a lightweight, drop-in replacement for Perl's Storable that preserves the familiar API while addressing long-standing serialization problems left unresolved in core Storable. It safely supports GLOB-based objects and objects implemented in XS so that thawed instances behave like their original native objects rather than fragile Perl-only replicas. The module changes only freeze and thaw and adds two optional hooks, STORABLE_freeze_pre_processing and STORABLE_thaw_post_processing, which let object classes prepare themselves for Storable and restore fully working instances after thaw. If you persist filehandles, IO objects, or XS-backed objects, or if you write modules that need reliable store/thaw behavior, Storable::Improved is a simple, compatible option to try.

Business::ISBN::Data is the data companion for Business::ISBN that supplies the official ISBN range and publisher information derived from the ISBN Agency's RangeMessage.xml. It is normally loaded automatically and provides the group, publisher and prefix ranges needed to parse, validate and identify ISBNs, with a built-in fallback if no external file is available. You can point the module at a newer RangeMessage.xml at runtime using the ISBN_RANGE_MESSAGE environment variable or place the file in the current directory so you can use updated data without reinstalling the module. The data are refreshed frequently and recent updates include fixes for ISBN-13 handling and a fix to avoid unintended autovivification when looking for alternate data, so be sure to use Business::ISBN 3.005 or later. If you write Perl code that needs accurate ISBN ranges for validation or metadata lookup, this module provides the authoritative, regularly updated data you need.

Data::HashMap::Shared provides ultra-fast, file-backed shared-memory hash maps for Linux (64-bit Perl) so multiple processes can read and write a common key/value store with minimal overhead. It offers type-specialized variants for integer and string keys and values, mmap or memfd backing, futex-based read/write locking with a lock-free fast read path, and atomic increment/decrement operations, which makes it especially attractive for counters, shared caches, and high-throughput IPC. Optional features include LRU eviction, per-key TTLs, sharded maps for parallel writes, cursor-safe iteration, batch operations, and a keyword-oriented XS API for top performance; when LRU and TTL are disabled reads are essentially zero-cost beyond a single branch. The API covers the usual map operations plus compare-and-swap, atomic take/pop/shift/drain semantics, multi-key batch calls, diagnostics and reserve/resize controls, and recent releases added CAS for string values along with new per-key TTL helpers such as add_ttl, update_ttl, cas_take, remove_multi, and get_with_ttl. Crash recovery detects and reclaims stale write locks via PID tracking but assumes a shared PID namespace, so cross-container sharing is not supported and calling clear after recovering from a mid-mutation crash is recommended for critical data. If you need a very fast, low-latency shared hash table between processes on Linux and can run 64-bit Perl, this module is highly relevant.

Time::Str is a Perl library for reliably parsing and formatting date and time strings across a wide range of standards. It gives you str2time to turn timestamp strings into Unix epoch seconds, str2date to extract parsed components without requiring a resolved timezone, and time2str to render epochs back into RFC3339, RFC2822, HTTP, SQL, ASN.1 and many other formats. It handles fractional seconds with configurable precision and an exact nanosecond override, includes a permissive DateTime-style parser for many real world inputs, and reports timezone details while intentionally leaving ambiguous abbreviations unresolved so you can decide how to handle them. The module ships with a fast XS backend and a pure-Perl fallback and works smoothly with DateTime and Time::Moment. Note the limitations of the module are English-only month and day names, no ISO week or ordinal dates, a supported year range of 0001 to 9999, and no automatic resolution of timezone abbreviations.

App::Test::Generator turns formal input/output descriptions into ready-to-run Perl test harnesses so you can add comprehensive black‑box checks to your module without hand-writing every case. It reads a schema or extracts one from source, then emits Test::Most .t files that combine randomized fuzzing, deterministic boundary cases, optional static corpora, semantic data generators (email, UUID, timestamps, etc.), and property‑based tests via Test::LectroTest, with support for reproducible seeds, timeouts, and configurable iterations. The distribution also integrates with mutation testing to generate TODO stubs and runnable, augmented schemas for surviving mutants and includes tooling to build a CI dashboard that tracks mutation and coverage metrics. If you maintain CPAN code and want to catch boundary errors, invalid inputs, flakiness, or regressions automatically, this toolkit streamlines that work. The latest release adds MUTANT_SKIP_BEGIN / MUTANT_SKIP_END annotations to exclude source regions from mutation testing and fixes several generator and Windows dependency issues to make the CI and dashboard workflow more reliable.

Authen::Radius is a compact Perl client library for sending and receiving RADIUS requests so your Perl programs can perform authentication, accounting and change-of-authority operations against RADIUS servers. It makes it easy to build packets from named or raw attributes, load FreeRADIUS/GNU-style dictionaries, and use a simple check_pwd helper for quick username/password checks while letting you control timeouts, source binding and retransmit behavior. The module supports modern RADIUS features such as Message-Authenticator, CoA and Status-Server requests, IPv6, tagged and vendor attributes, and can balance requests across a list of cluster nodes. Recent releases enable RFC3579 Message-Authenticator by default and emit it first in Access-Request packets to mitigate the Blast-RADIUS vulnerability, with an option to disable that behavior for legacy servers. Use Authen::Radius when you need straightforward, dictionary-aware RADIUS client functionality from Perl.

GDPR::IAB::TCFv2 is a Perl toolkit for decoding and checking IAB TCF v2.3 consent strings. It gives you a parser object that exposes every field of a consent string, a declarative Validator for asserting that a vendor is allowed for specific purposes on consent or legitimate-interest grounds, and a CMPValidator to check CMP ids against the IAB list. The distribution also bundles a command line tool, a Docker image for pipeline-friendly use, and a tiny one-liner alias for quick scripts. The project entered maintenance mode in May 2026 with the core parser, validator, and CMP-validator complete and further integrations tracked as community help-wanted items. Be aware that a past release moved the parser into a subpackage so code that asserts exact class names may need a small update while all public behavior and output stayed the same.

Net::Versa::Director is a concise Perl client for the Versa Director REST API that makes it easy to query Director and appliance data from your scripts. It supports both basic username/password authentication and OAuth token authentication, with automatic OAuth detection for servers on port 9183 and explicit login/logout methods to obtain and revoke tokens. The module provides high level methods to fetch Director info and version, list appliances, assets and device workflows, inspect device interfaces and networks, and export a device configuration as a string. API errors are surfaced as typed Net::Versa::Director::Exception objects that stringify to readable messages while preserving the full API response for debugging. The module is developed and tested against Versa Director 22.1.4 and recent updates added OAuth support, a get_device_configuration method, and improved error handling; note a prior breaking change made list_device_interfaces return a hash of interface types instead of an array, with the old vni behavior still available via the 'vni' key.

DateTime::Lite is a lightweight, memory‑efficient drop‑in replacement for DateTime that preserves the familiar API while trimming dependencies and startup cost. It bundles a compact SQLite copy of IANA TZif binaries and an XS POSIX TZ parser so timezone offsets are computed accurately even far into the future, and it accepts full Unicode CLDR and BCP47 locale tags including -u-tz- extensions to infer timezones from locales. You get the usual DateTime features: construction from epoch, day‑of‑year or other objects, arithmetic and duration math, leap‑second aware clock math, rich formatting with strftime and CLDR patterns, cloning, and Storable/Sereal/CBOR compatible serialization, with performance‑critical paths accelerated in XS and an optional process‑level timezone memory cache for high throughput. Errors are returned as exception objects rather than causing die by default, and the public interface aims to be compatible so existing DateTime code typically works unchanged. If you need faster startup, lower dependency footprint, precise IANA timezone behavior, or flexible CLDR locale support for command‑line tools, short‑lived scripts, or memory‑sensitive services, DateTime::Lite is a strong alternative. The recent v0.7.0 release added an extended_aliases method to DateTime::Lite::TimeZone for retrieving extended timezone aliases and Japanese localization of the documentation.

App::PDFLibrarian is a command-line toolkit for organizing a local library of scholarly PDF papers and keeping them in sync with BibTeX metadata. It provides utilities to import, replace, and remove PDFs, query bibliographic services such as ADS to fetch citation details, build or edit BibTeX files and citation keys, manage ISO4 journal abbreviations, and rebuild or export links between PDFs and bibliography entries for use in LaTeX workflows. The tool is aimed at researchers who prefer scripted, reproducible management of their document collection and want automated metadata lookup and consistent citation output without a heavy GUI.

Minion is a high-performance job queue for Perl that moves time-consuming or resource-heavy work out of request/response cycles so you can process tasks in the background or across multiple workers. It provides named queues, priorities, delayed and cron-style recurring jobs, retries with configurable backoff, job dependencies, progress and result tracking, rate limiting and locking for concurrency control, unique and expiring jobs, and tools for monitoring and repair. Minion plugs into common backends such as PostgreSQL, integrates with Mojolicious including a web admin UI, supports distributed and parallel workers, and offers conveniences for testing and awaiting job results. It is a solid choice for web applications or scripts that need reliable, feature-rich background processing and includes documentation and examples to help you get started; note that support for custom task classes is marked experimental.

Authen::TOTP is a lightweight Perl module for generating and verifying RFC6238 time-based one-time passwords so you can implement familiar 2FA flows used by Google Authenticator, Authy, Duo Mobile and similar apps. It can create TOTP URIs for QR codes, emit the current OTP from a secret, and validate user-supplied codes with configurable digits, period, algorithm (SHA1, SHA256, SHA512) and tolerance for clock skew. The module passes RFC6238 test vectors and is known to work with GitLab 2FA. Recent releases replaced insecure rand() calls with Crypt::PRNG::random_string_from() to produce safer secrets. It uses common CPAN libraries for hashing and base32 encoding and can hand off URIs to QR code libraries, and while it focuses on simplicity rather than maximum performance it is a practical choice for adding standard TOTP-based two factor authentication to Perl applications.

Win32::Pipe gives Perl on Windows a simple way to create and use Named Pipes for interprocess and networked communication, letting one process act as a server that creates a pipe and waits for clients or as a client that connects to an existing pipe. The module exposes an easy API to create a pipe, connect or accept connections, read and write byte streams, resize the buffer, and close or disconnect when finished. It is useful for piping daemon output to a workstation, lightweight IPC between processes on the same machine, or passing data between machines on a Windows network. Be aware that pipes are byte streams only, the default buffer is 512 bytes and there is a practical instance limit around 256, reads and writes are blocking so a stalled peer can hang a read, and there is no built-in security or async I/O. If you need straightforward, cross-process communication on Win32 and can tolerate blocking I/O and basic functionality, this module provides a focused, easy-to-use solution.

Cache::FastMmap provides a fast, interprocess cache by memory-mapping a file so multiple processes can share key/value data without copying. Its core is written in C and it uses fcntl page-level locking plus a simple LRU policy to keep hot items and reduce contention, giving most lookups near O(1) performance. It supports pluggable serialization (Storable, Sereal, JSON or custom), optional compression, read-through and write-back or write-through callbacks to back an underlying datastore, atomic get_and_set operations, and batch multi_get/multi_set for higher throughput. It is designed for multi-process environments where you either open the cache before forking or connect children to an existing share file, and it runs on Unix-like systems with a Win32 layer available. Note that values cannot exceed a page size so choose pages accordingly, mmap makes processes appear large to the OS, and putting the cache file on tmpfs avoids undesirable disk writeback.

Role::Tiny is a tiny, dependency-light Perl library for composing roles into classes and objects, offering the core features of role-based code reuse without attributes or a heavyweight meta system. It gives you requires to declare required methods, with to compose roles, and optional before/after/around method modifiers via Class::Method::Modifiers when needed. Composition favors the class over the role so existing class methods win and conflicting methods from multiple roles raise an exception unless the class provides an implementation. You can apply roles to packages or individual objects, create a new class with roles applied, and test role application with does_role or the ->does helper. If you want attributes or a richer role protocol use Moo::Role or Moose::Role, and note a couple of minor overload-related caveats on very old Perl versions.

Crypt::OpenSSL::PKCS12 is a lightweight Perl wrapper around OpenSSL's PKCS#12 functionality that makes it easy to load, inspect, create and modify .p12 or .pfx bundles from Perl code. You can open PKCS12 data from a file or a string and extract the certificate, private key and CA chain in Base64 form, verify the file MAC, change passwords, and create new PKCS12 files or return the PKCS12 data as a string, and it also offers an info dump and a structured info_as_hash for programmatic inspection. The module works with OpenSSL 1.x and 3.x and requires a system OpenSSL installation and Perl 5.8 or later. The project is maintained and the recent 1.95 release fixes security issues including an integer overflow and safer password handling, so users are advised to upgrade.

Horus is a high-performance XS UUID/GUID generator for Perl that implements all RFC 9562 versions (v1–v8) plus NIL and MAX and offers ten output formats from hyphenated strings to base64, base32, Crockford and raw binary. It ships without external C library dependencies and is optimized for speed with random pool buffering and bulk generation to produce millions of v4 UUIDs per second while also providing deterministic namespace UUIDs (v3 and v5), time-based variants, validation, parsing, conversion and a simple OO interface. The API is straightforward for both single and bulk generation and includes utilities to compare, extract timestamps and change formats. Recent releases focused on test robustness and platform quirks and improved thread-safety and debugging behavior so the module is stable across a wide range of Perls and environments.

Net::Statsd::Tiny is a compact, dependency-light Perl client for sending StatsD metrics that implements the StatsD Metrics Export Specification v0.1 and can pack multiple metrics into a single UDP packet. It supports common metric types such as counters (with increment/decrement helpers and an update alias), gauges including increment/decrement extensions, timings (timing_ms alias) and histograms, plus set_add for tracking unique values. You can configure host, port, protocol, name prefix and buffering behavior with autoflush and max_buffer_size to batch packets, and the API aims for compatibility with other StatsD clients. The module intentionally does not strictly validate metric values and allows sampling and nonstandard values, so some StatsD daemons may ignore those metrics and not all servers accept multimetric packets. It requires Perl 5.10.1 or later and points users to Net::Statsd::Lite if they want stronger validation and higher performance.

Chandra provides Perl bindings to the webview-c library so Perl developers can build cross-platform desktop GUIs using HTML, CSS and JavaScript. It wraps the native webview on macOS (WebKit/WKWebView), Linux (WebKitGTK) and Windows (Edge/WebView2 with an MSHTML fallback) and exposes a concise API to create windows, run or manually control the event loop, execute JavaScript, inject CSS, bind JavaScript calls back to Perl, and manipulate window state such as title, size, fullscreen and background color. It offers both a simple blocking run() and more advanced init/loop control, supports safe dispatching of JS evaluation from callbacks, and includes examples plus a higher level Chandra::App helper. On Windows you should install the WebView2 runtime or supply WebView2Loader.dll for best modern web feature support because the fallback MSHTML engine is limited. If you want to build lightweight desktop apps with a web UI from Perl or embed a browser view into a Perl program, Chandra is a compact, MIT licensed bridge that gets you started quickly.

Func::Util is a compact toolkit of functional programming helpers for Perl implemented in XS and custom ops for speed, aimed at developers who want concise, expressive utilities without giving up performance. It provides zero-overhead compile-time predicates for common type, truthiness, string and collection checks so operations like is_array, is_true, starts_with and array_len execute as fast native checks, plus faster XS implementations of memoization, pipelines, compose, lazy evaluation, safe navigation, null coalescing and common list/hash transforms like pick, omit, pluck, uniq and partition. For array-heavy workloads it includes pure C comparison helpers such as first_gt and any_ge that avoid Perl callback overhead, and a callback registry that lets you register named Perl or XS callbacks for even higher performance. The module also offers small utilities such as clamp, tap, always, once and replace_all to simplify everyday data handling. Use Func::Util when you want readable functional idioms in Perl but need the extra speed of C-level ops, keeping in mind that operations which still invoke arbitrary Perl coderefs are subject to normal call overhead.

Hypersonic is a performance-first micro HTTP server for Perl that JIT-compiles your routing and event loop into C so the hot path runs at native speed. You define routes, WebSocket endpoints, streaming endpoints and static assets in Perl, call compile to generate C via XS::JIT, and then run the resulting server with optional workers and TLS. Static handlers and files are evaluated once at compile time and baked into C string constants for minimal overhead while dynamic handlers run per request with a JIT-compiled request object, and the framework also offers sessions, middleware, gzip compression, an async thread pool and optional WebSocket room broadcasting. If you need a tiny, extremely fast HTTP server and are comfortable with a compile step and native dependencies like XS::JIT, zlib and OpenSSL, Hypersonic is a strong fit.

Dist::Zilla::Plugin::Docker::API integrates Docker image builds into your Dist::Zilla release workflow so you can produce and publish container images alongside your distribution. You point it at a repository name and one or more tag templates and it will build the image from a Dockerfile during dzil build, optionally load it into your local daemon for verification, and then re-tag and push those tags during dzil release if configured. Configuration options cover the image name, tag templates (for example %v for the distribution version), Dockerfile name, build arguments, OCI labels, target platforms, and flags to control loading and pushing behavior. Legacy option names are accepted but deprecated. If you package Perl software with Dist::Zilla and want to ship Docker images as first-class release artifacts, this plugin automates the build, tagging, and publish steps.

File::Raw::Gzip is a lightweight plugin for File::Raw that transparently compresses and decompresses gzip, zlib and raw-deflate streams so you can read and write compressed files with the same file_slurp/file_spew style calls you already use. It supports full gzip files, zlib streams and raw deflate data, lets you tune compression level, memory and chunk sizing, and can stream large gzip files line by line without loading them into memory. Because it is a pure byte transform it composes cleanly with other File::Raw plugins so you can, for example, read a .csv.gz straight into a CSV parser. The module links against the system zlib library so you will need the zlib development package on Unix or Homebrew on macOS while Strawberry Perl on Windows already bundles zlib. Recent releases fixed a Windows crash related to memory pool handling and bumped the File::Raw prerequisite to ensure correct streaming behavior on Windows.