CPANscan

Database::Abstraction is a lightweight, read-only ORM-like layer for Perl that lets you access CSV, PSV, XML, SQLite and BerkeleyDB data without writing SQL by providing a single, consistent API for fetching rows, columns and counts. You typically subclass it per dataset and then call methods such as fetchrow_hashref, selectall_arrayref or use the AUTOLOAD feature to retrieve a column by name, and it includes configurable caching, flexible logging and a "slurp" mode that keeps small files in memory for speed. It is useful when you need to switch underlying storage formats without changing application logic or when you want simple, read-heavy data access with minimal code. A few legacy quirks remain to be aware of, notably the default CSV delimiter is '!' rather than ',' and the module uses an "entry" column name by default, and XML slurping can be fragile on some files, but recent maintenance continues to improve reliability. The latest release fixed path handling for safer file opens and addressed a DBD::File safety check by canonicalizing directory paths.

HTTP::Tiny is a small, dependency-light HTTP/1.1 client for Perl that makes simple web requests without the overhead of a full user-agent like LWP::UserAgent. It supplies convenient methods for GET/POST/PUT/HEAD/PATCH/DELETE requests, a post_form helper, mirror for saving responses to files, streaming data callbacks, proxy and cookie-jar support, connection keep-alive and timeouts, and basic HTTPS when IO::Socket::SSL and Net::SSLeay are available. The module focuses on correct transport behavior and safe defaults, including TLS certificate verification turned on by default and recent security hardening that strips caller-supplied Authorization, Cookie and Proxy-Authorization headers on cross-origin redirects and prevents automatic https-to-http downgrades unless explicitly allowed. HTTP::Tiny is ideal when you need a reliable, simple HTTP client for scripting and small programs but not a full-featured browser emulator, and callers are expected to provide properly escaped URLs and handle higher-level features themselves.

Dist::Zilla::PluginBundle::Author::DBOOK is a prepackaged set of Dist::Zilla plugins that encodes the build, test, and release workflow Dan Book uses for his CPAN distributions. It wires together metadata generation for GitHub, README and CONTRIBUTING file creation, prereqs discovery from cpanfile or prereqs.json/yml, contributor tracking, git checks, version bumping, tagging and pushing, and common test and manifest handling so you can build and release a module with consistent, repeatable behavior. The bundle also lets you choose the installer plugin, enable POD tests, control the GitHub username used in metadata, and run a dry run of release steps via FAKE_RELEASE. It assumes your repo carries the usual prereq and Changes files and can regenerate files into the repository so the project can be built or installed without Dist::Zilla. Recent updates moved the CONTRIBUTING.md template into the distribution sharedir and added an AI contributions policy to that template.

Wanted is an XS extension that generalises Perl's wantarray so a subroutine can detect exactly how its return value will be used and tailor that return accordingly. It provides a simple want(...) interface plus helpers like wantref/howmany/context and replacement return primitives rreturn and lnoreturn for proper behaviour in lvalue and assignment situations, and it understands VOID, SCALAR, LIST, BOOL, LVALUE/RVALUE, reference types and assignment contexts so you can return scalars, lists, references or perform assignment side effects based on the caller's expectations. Wanted is a maintained fork of the older Want module with fixes for crashes that could occur in threads, tie methods and mod_perl handlers, and it also works with threads by preserving context at thread creation. Be aware of two limits inherited from Perl internals: lvalue context cannot reliably be detected inside eval blocks in modern Perls and want('CODE') can be misleading in scalar context when prototypes are involved, so avoid relying on those cases or use the documented workarounds.

Mojolicious::Plugin::BarefootJS makes it easy to run the BarefootJS server runtime inside a Mojolicious app by registering a "bf" helper that lazily creates a per-request BarefootJS instance backed by BarefootJS::Backend::Mojo and lets you render compiled marked templates as native Mojolicious templates. Install it with $self->plugin('BarefootJS') and then call the bf helper from controllers or templates to produce server-rendered output with the BarefootJS tooling you already use. If you prefer not to run under Mojolicious or PSGI, the same runtime can be driven by BarefootJS::Backend::Xslate using Text::Xslate. The plugin is lightweight, integrates with Mojolicious hooks, and has seen active maintenance through 2026 with recent releases that delivered the initial feature set including the bf helper, the Mojo backend, and a DevReload helper.

BarefootJS::Backend::Xslate is a lightweight rendering backend that lets the BarefootJS runtime render Text::Xslate Kolon templates. It works with a plain Text::Xslate instance so it has no web-framework dependency and runs in PSGI/Plack apps or standalone scripts. Designed to be paired with the @barefootjs/xslate compile-time adapter, it expects templates that call the runtime as a "bf" object and builds Text::Xslate for HTML with automatic escaping while supporting raw markup via mark_raw. You can construct it with an existing Text::Xslate object or by giving template paths and options, and you can override the JSON encoder. The module exposes the small set of operations the runtime needs, including encode_json, mark_raw, materialize and render_named, making it a drop-in bridge between BarefootJS and Xslate templates.

Object::HashBase is a small helper for quickly creating hash-backed Perl classes with an automatic new constructor, simple getter and setter methods, and constants for each field so you can avoid string-typos when accessing the underlying hash. You declare attributes when you import the module and use short prefixes to control behavior such as read-only, write-only, deprecated setters, no-setter, constant-only, or forcing a non-XS implementation. Construction works with key/value pairs, a copied hashref, or an ordered arrayref, and you get an init hook plus optional pre/post init hooks for defaulting and setup; single inheritance is supported and constants are propagated to subclasses. Recent releases added Role::Tiny integration and convenient import prefixes for declaring parent classes and composing roles, making it easier to use HashBase in role-based designs. If Class::XSAccessor is installed HashBase will create faster XS accessors by default, but note that taking raw references to object slots can break when XS is used, and you can opt out per-attribute with the '~' prefix. This module is a good fit when you want lightweight, dependency-light objects and clear, conventional accessors without a heavy object system.

Game::TileMap lets you define and query rectangular two-dimensional tile maps from simple string or array input by pairing character markers with objects in a reusable legend. It builds an immutable grid of Tile objects and supports single- or multi-character tiles, custom classes of objects (for example terrain, walls, or spawn points), and special handling for walls and voids. The module uses a bottom-left origin at [0,0], accepts decimal coordinates for containment and accessibility checks, and provides methods to fetch a tile, list all tiles of a class or type, render the map to a string, and mark positions for debugging. It is best used for static level layouts and map definitions rather than tracking dynamic game state, and you should note that map markers cannot be whitespace and legend entries must be truthy.

WWW::Mechanize::Chrome lets you control a Chrome or Chromium browser from Perl using the Chrome DevTools Protocol so you can drive modern, JavaScript‑heavy websites just as a human would. It provides high‑level methods to navigate pages, run JavaScript in the page, query DOM nodes with CSS selectors or XPath, fill and submit forms, intercept and modify network requests, capture screenshots or PDFs, and manage tabs and cookies, while hiding the low‑level JSON/DevTools plumbing. You do need a Chrome/Chromium binary on the machine and there are a few browser quirks and unsupported legacy WWW::Mechanize functions, but the module excels for automated testing, scraping dynamic single‑page apps, and producing rendered output. Recent releases improved compatibility with modern Chrome versions by using a temporary data directory by default and restored screenshot support in content_as_png, making it more robust with Chrome 148+ and later.

DateTime::Format::Natural turns casual, human-friendly date and time phrases into DateTime objects so your code can understand inputs like "next tuesday at 2am", "tomorrow morning", "10 weeks ago" or ranges like "1 April 10 am to 1 May 8am". It can also pull parsable date/time fragments out of larger text with extract_datetime, handle durations with parse_datetime_duration, and offers options to set the reference "now", choose time zone handling, control numeric date formats, prefer or demand future dates, and tweak daytime boundaries. The parser provides success() and error() so you can detect failures, and trace() for debugging, but be aware parse methods always return a DateTime object even on failure so you should check success() before using results. Recent updates add a calendar conversion layer allowing non‑Gregorian calendars and introduce built‑in holiday formats like christmas and new year, along with improved ISO8601 handling and fractional seconds support.

App::Ack is a small internal helper module for the ack command line search tool that collects a set of utility routines ack uses at runtime. It supplies ack-flavored warning and error output, prints the built-in help pages and subpages for file types and colors, returns the program version string, detects whether input is coming from a pipe, computes the proper exit code based on how many matches were found, and can show filetype associations for a filename. This module is intended for use by the ack script itself rather than as a standalone library, so most users will interact with ack directly rather than calling these functions.

CPANSA::DB exposes the CPAN Security Advisory dataset as a ready-to-use Perl data structure, providing a single db() subroutine that returns a hashref of all advisory reports; it is the data backend used by CPAN::Audit but can be consumed by any code that needs CPAN vulnerability or advisory information. Each release is also distributed with a GPG signature and a GitHub attestation so you can verify the archive came from the official source, and the same dataset is available as JSON and on GitHub for easy access.

Time::Str is a Perl library that parses and formats date and time strings across a wide range of standard formats and real-world variants, letting you convert text timestamps to Unix epoch seconds or to parsed components and render epoch values back to RFC3339, RFC2822, HTTP, SQL, ASN.1, iCal and many other common formats. Its three main routines are str2time to produce a numeric timestamp with optional fractional seconds, str2date to return validated components (year, month, day, hour, minute, second, nanosecond and timezone fields) without requiring a timezone, and time2str to format epochs with configurable precision or exact nanosecond control. The parser accepts ISO 8601/RFC3339 and a permissive "DateTime" grammar, supports timezone offsets and DST-aware timezone objects, and can resolve ambiguous abbreviations when you supply a timezone_map, while precision rules ensure predictable truncation when parsing and rounding when formatting. Time::Str ships with an optional XS backend for speed and a Pure‑Perl fallback, interoperates cleanly with DateTime, Time::Moment and Time::HiRes, and reports errors by croak so calling code can trap parse and usage failures. Note the documented limitations: month and day names are English only, ISO week and ordinal dates are not supported, years are limited to 0001–9999, and timezone abbreviations are captured but not auto-resolved unless you provide mappings.

BarefootJS is a server-side runtime for templates compiled from JSX/TSX into a marked template plus client JavaScript. It is engine- and framework-agnostic and delegates tasks that depend on the rendering environment, such as JSON marshalling, raw-string marking, JSX children handling, and named-template rendering, to pluggable backends. Shipping backends include BarefootJS::Backend::Xslate for Text::Xslate and BarefootJS::Backend::Mojo for Mojolicious, and the core itself only uses Perl core modules so you only pull in a template engine or web framework when you install a backend. Use this module when you want a single Perl runtime to drive JSX/TSX-style templates across different web frameworks and template engines. The distribution is newly released with the initial engine-agnostic runtime and backend-driven design.

DBIx::Class::Schema::GraphQL automatically generates a ready-to-run GraphQL::Schema from an existing DBIx::Class schema so you can expose your database as GraphQL without hand-crafting types or resolvers. It maps table columns to standard GraphQL scalars, exposes relationships as fields, produces singular lookups and plural "allX" queries with filtering, ordering and both offset and cursor pagination, and creates create/update/delete mutations for each source while handling composite primary keys. The module returns a GraphQL::Schema you can pass to GraphQL::Execution and the original DBIC schema as context, making integration straightforward. Bear in mind a few deliberate limitations: related fields are unfiltered, mutations accept only scalar inputs and update is a full update, cursors work only with primary-key ordering, custom SQL types become plain strings and there are no subscriptions, and you should include a scalar field (for example total) alongside nodes in plural queries to avoid a resolver quirk. This is the initial v0.0.1 release aimed at quickly exposing DBIx::Class models over GraphQL for typical CRUD workloads.

PSGI::Handy is a tiny, dependency-free application layer for PSGI that bundles a router, request and response objects and a per-request context into a single-file framework. You build an app by injecting a template renderer and optionally a database handle, register routes using readable patterns like :name and a trailing * splat, and call to_app to get a standard PSGI application that any PSGI server can run. Route handlers receive a Context object that exposes request params, a stash, DB access, rendering helpers and response builders, and may return a Response object, a PSGI array ref or a plain string treated as HTML. The router matches paths exactly and supports method-based 405 handling, query and urlencoded form parsing is provided but multipart uploads and streaming responses are not supported, and HEAD requests are served by the GET route with the body removed. Because it requires only core Perl, PSGI::Handy is easy to test and ideal for small services, prototypes or when you want a minimal, readable PSGI app. This is the initial 0.01 release.

Cpanel::JSON::XS is a high-performance, C-backed JSON encoder/decoder for Perl that prioritizes correctness and Unicode handling while offering many practical options for real-world use. It provides a simple functional API plus a configurable object interface to produce UTF-8, ASCII or latin1 output, pretty-printing, canonical key sorting, relaxed parsing modes, object serialization hooks, incremental stream parsing, and fine-grained controls for booleans and bignums. This cPanel-maintained fork adds public bug tracking, ithreads safety and numerous robustness and security fixes while remaining fully compatible with common Perl JSON front-ends such as JSON::MaybeXS so it will be picked automatically where available. Note that recent releases changed the default to accept non-reference top-level JSON values for compatibility with other JSON modules, which can be reverted by calling allow_nonref(0) if you need the older, stricter behavior. If you need fast, standards-conscious JSON handling in Perl and care about correct Unicode and edge-case behavior, Cpanel::JSON::XS is an excellent choice.

Protocol::HTTP2 is a Perl implementation of the HTTP/2 protocol (RFC 7540) that provides stateful encoders and decoders for HTTP/2 frames so you can build your own client, server or intermediary on top of any event loop and plain or TLS sockets. It includes helper classes for clients and servers, a Connection module that handles protocol state, an HPACK implementation for header compression, protocol constants and a trace/debug facility, and comes with examples showing ALPN/NPN and HTTP/1.1 Upgrade usage; you can also query the protocol identifier strings for TLS and plain connections. The project is marked beta by the author and some features are incomplete or not implemented, most notably parts of flow control and priority handling, the CONNECT method and a few frame encoders, so it may not be ready for all production workloads. A recent and important update fixed a remote denial-of-service "HTTP/2 Bomb" vulnerability (CVE-2026-10725), so users should upgrade to the latest release for that security fix.

DateTime::Format::RelativeTime is a Perl implementation of the web Intl.RelativeTimeFormat API that produces localized, human friendly phrases like "in 3 months", "yesterday" or "1 day ago". It uses Unicode CLDR data via Locale::Unicode::Data and Locale::Intl to support many locales and numbering systems, accepts numeric offsets or DateTime/DateTime::Lite objects to compute the largest unit difference, and exposes options for locale, style (long, short, narrow) and numeric handling (always or auto) so you can get either strict numeric output or idiomatic words such as "tomorrow". You can obtain either a simple formatted string with format or a structured array of parts with formatToParts for custom rendering. The module aims to match browser behavior, so some locale and numbering fallbacks mirror web engines, and you should create and reuse formatter objects because initialization performs CLDR lookups. It limits displayed numeric precision to 15 significant digits and requires Perl 5.10.1 or later.

CGI::ACL is a compact Perl helper for CGI scripts that decides whether to allow a client based on IP addresses or CIDR ranges, country codes and whether the client appears to be hosted by a major cloud provider. You configure it by calling methods such as allow_ip, deny_country, allow_country and deny_cloud and then invoke all_denied to get a simple 1 (deny) or 0 (allow) answer; country checks use an optional CGI::Lingua object to resolve the client country. The module defaults to allowing all traffic unless you add rules, supports deny_country('*') to switch to default-deny with an allow list, and performs verified reverse DNS checks to identify cloud hosts which take precedence over explicit allow_ip entries. It handles IPv4 and IPv6, supports CIDR caching for performance, can be configured at runtime with Object::Configure and uses a guarded synchronous DNS lookup with a timeout to avoid indefinite blocking. The recent 0.08 release fixed multiple correctness and security issues including a REMOTE_ADDR handling bug that could lead to loopback being treated as the client, improved IPv6 cloud detection, added DNS timeouts and CIDR caching, and generally hardened error handling; be aware that IP based controls can still be bypassed by proxies or VPNs.

App::XWindowManagerUtils is a small Perl toolkit for working with the X Window Manager, aimed at scripts and automation that need to discover or inspect open windows. Its main offering is the exportable list_xwm_windows function which accepts options such as a boolean detail flag and a query array and returns a predictable, enveloped result made of an HTTP-like numeric status code, a human reason string, an optional payload with the window data, and optional metadata for extra context. The structured return makes it easy to detect errors and programmatically consume results from Perl on X11 systems. The distribution is lightweight and early stage (version 0.001) and the source and CPAN page are available for more details or contributions.

DateTime::Format::Intl brings the browser-style Intl.DateTimeFormat API to Perl so you can produce locale-aware date and time strings from DateTime objects using real CLDR data. It accepts BCP 47 locale tags, time zones, numbering systems and the same component or style options you know from the web API, and offers handy methods for formatting single dates, date ranges, and for returning the formatted parts for custom rendering. The module mirrors common Intl behavior including dayPeriod and timeZoneName options, exposes resolvedOptions, pattern and skeleton information, and provides a few extras such as greatest_diff for range formatting. It is dependency-heavy and requires DateTime::Format::Unicode, DateTime::Locale::FromCLDR, Locale::Intl and Locale::Unicode::Data and Perl 5.10.1 or newer, so object construction can be expensive and you should create and reuse formatter objects rather than rebuilding them for each date. Note that the implementation only supports the Gregorian calendar and some constructor matcher flags are effectively no-ops because it aims to match browser behavior. If you need accurate, CLDR-driven, locale-sensitive formatting in Perl this module gives a close equivalent of the JavaScript Intl.DateTimeFormat API.

Geo::Coder::OpenCage is a lightweight Perl client for the OpenCage Geocoding API that makes forward and reverse geocoding easy by converting place names into coordinates and coordinates into human readable addresses, returning the API response as a parsed Perl hashref. You must supply an OpenCage API key and the module defaults to HTTPS with HTTP::Tiny (10 second timeout) but lets you provide your own UserAgent for things like rate limiting; it supports common API options such as language, result limit, and country hints and expects character (not byte) strings. Calls like geocode(location => ...) and reverse_geocode(lat => ..., lng => ...) warn and return undef on failure rather than dying, so you should check response->{status}{code} for success and rate limit information. Recent updates improved the default HTTP client configuration and JSON error handling, avoided exposing API keys in messages, and tightened tests, making the client more robust and safe to use.

DBIx::QuickDB is a developer-focused utility that makes it trivial to spin up temporary database servers for testing and development, supporting PostgreSQL, MySQL variants and SQLite out of the box and optionally DuckDB when available. You can declare named, globally accessible databases at compile-time or create and manage instances on the fly with build_db, and each instance can be autostarted, bootstrapped from a directory, seeded with SQL, cloned, pooled or cleaned up automatically. Configuration is simple and flexible via a spec hash or environment variables such as QDB_TMPDIR and DB_VERBOSE, and you can tune startup and shutdown timeouts via QDB_START_TIMEOUT and QDB_STOP_GRACE for slow CI hosts. The module includes safety features for stopping and cleaning up servers, but its cleanup option will delete directories so you should not point it at any production data. Recent fixes improved robustness against a PID-reuse race that could accidentally shut down the wrong server and added tunable timeouts and other stability enhancements to make it more reliable on slow or idiosyncratic platforms.

Hypersonic is a benchmark-focused Perl micro HTTP server that JIT-compiles C at build time so the hot path runs in native code for very high throughput. Handlers that return static responses are executed once at compile and baked into C string constants while dynamic routes run Perl per request with JIT-compiled request objects, and the core event loop (kqueue/epoll or io_uring where available) is generated as C and compiled via XS::JIT. The framework also supports WebSockets, optional room-based broadcasts, server-sent events and streaming, TLS via OpenSSL, gzip compression via zlib, session cookies, a JIT-compiled async thread pool, and a way to inject custom C helpers or whole route handlers with need_xs_builder. You must have a C toolchain and the XS::JIT ecosystem plus any optional libraries like zlib or OpenSSL, so Hypersonic is best suited to projects that value extreme performance and are comfortable with a compile step and native dependencies. A recent notable change makes compile() derive the JIT module id from an MD5 hash of the generated C source instead of a random number, improving cache stability and reproducible builds.

Metrics::Any::Adapter::Statsd is a lightweight Metrics::Any adapter that sends metrics to a statsd server over UDP, emitting each metric as its own UDP packet to a configurable host and port (default 127.0.0.1:8125). Counters, gauges and timings are translated to standard statsd formats and multipart metric names are joined with periods, while distribution observations are emitted as two submetrics named count and sum. This adapter does not preserve labels and will collapse labeled values into a single aggregate, so labeled gauges may not be useful and you should consider the DogStatsd or SignalFx adapters if you need tagging. Recent releases tightened documentation and tests and fixed several CVEs related to disallowed characters in metric and label names. The module is a practical choice for simple unlabelled statsd reporting but does not yet support non-default sampling-rate emission or richer labeling.

BATsh is a pure-Perl bilingual shell interpreter that lets you write and run scripts mixing Windows cmd.exe batch syntax and Unix bash/sh syntax in the same file with automatic, line-by-line switching and a shared variable store. You can run script files, execute inline source strings, or drop into an interactive REPL, and the module implements many common CMD and SH builtins such as SET, IF, FOR, functions, pipelines, redirection, command substitution and parameter expansions so typical cross-platform shell logic runs inside Perl without invoking an external shell. Nonbuiltins are still launched as external programs via the host OS so tools like FINDSTR or SORT work only if the corresponding executable exists on the platform. Not everything from either shell is reimplemented though, so some CMD features like variable substring expansion and dynamic pseudo-variables are missing and the SH side lacks arrays, filename globbing, tilde and brace expansion, process substitution, full job control and a few other advanced features, and parenthesized groups do not create isolated subshells. If you need a portable way to combine batch and shell styles inside Perl scripts or to prototype mixed-mode scripts without installing separate shells, BATsh is a compact, self-contained option and its source and issue tracker are on GitHub.

Mojolicious::Plugin::OpenAPI lets you drive a Mojolicious web app from an OpenAPI/Swagger document by automatically adding routes and performing request and response validation against the API spec. It supports OpenAPI v2 and v3 though v3 may not implement every feature, and it exposes helpers such as openapi.valid_input and openapi.spec plus a special openapi renderer that validates and formats responses before they are sent. The plugin is extensible with bundled plugins for CORS, security and spec rendering and offers configuration options for routing, coercion and output formatting so you can adapt it to protected APIs or custom renderers. Recent releases improved multipart/form-data handling by combining body parameters and uploads for easier file and form processing. If you want your Mojolicious app to follow a formal API contract and get automatic validation, documentation endpoints and convenient helpers, this plugin is a solid, actively maintained option.

Test::Against::Dev is a practical tool for checking whether monthly Perl development releases break the installability of selected CPAN modules. It automates downloading a dev tarball, building and installing that perl, fetching a cpanm, running installs for a curated module list or a CPAN River file, and then parses the build logs into per-module JSON and a pipe-separated summary that records PASS or FAIL for each module and release for easy spreadsheet analysis. The workflow is intended to run on a stable Unix host under your control rather than relying on CPANtesters infrastructure so you can monitor the specific modules that matter to you or your organization. The module has a number of CPAN dependencies and is designed for Unix environments so it is not expected to work on Windows or VMS. In the latest release the package stopped using FTP and the Perl::Download::FTP dependency so tarballs are now obtained via HTTP(S).

Storable is a fast, widely used Perl module for serializing and persisting complex Perl data structures to files, sockets or memory so you can save and later restore hashes, arrays, scalars and references. It provides simple procedural routines like store and retrieve for disk files, nstore for portable network order, store_fd/fd_retrieve for working with open filehandles, freeze and thaw for in-memory serialization and dclone for deep cloning. Object classes can customize how their instances are serialized and restored via STORABLE_freeze and STORABLE_thaw or attach hooks, and lock_store/lock_retrieve offer advisory file locking. The core is implemented in C for speed and it supports canonical ordering for reproducible dumps and optional CODE reference serialization via deparsing. Be aware that Storable is not safe for untrusted input because deserialization can load modules, run code or trigger destructors, and it cannot handle some types like GLOBs and certain regex constructs reliably; also references used as hash keys do not survive round trips exactly. Use Storable when you need efficient persistence, fast IPC or convenient deep cloning of Perl data, but avoid accepting Storable documents from unknown sources.