cpan-audit - Audit CPAN modules

cpan-audit [command] [options...]

Commands:

module         [version range]    audit module with optional version range (all by default)
dist|release   [version range]    audit distribution with optional version range (all by default)
deps           [directory]        audit dependencies from the directory (. by default)
installed                         audit all installed modules
show           [advisory id]      show information about specific advisory

Options:

--no-color    switch off colors
--no-corelist ignore modules bundled with perl version
--ascii       use ascii output
--quiet       be quiet
--verbose     be verbose
--help|h      help message

Examples:

cpan-audit dist Catalyst-Runtime
cpan-audit dist Catalyst-Runtime 7.0
cpan-audit dist Catalyst-Runtime >5.48

cpan-audit module Catalyst 7.0

cpan-audit deps .
cpan-audit deps /path/to/distribution

cpan-audit installed
cpan-audit installed local/

cpan-audit show CPANSA-Mojolicious-2018-03

cpan-audit is a command line application that checks the modules or distributions for known vulnerabilities. It is using its internal database that is automatically generated from a hand-picked database https://github.com/vti/cpan-security-advisory.

cpan-audit does not connect to anything, that is why it is important to keep it up to date. Every update of the internal database is released as a new version.

cpan-audit can automatically detect dependencies from the following sources:

• Carton

  Parses cpanfile.snapshot file and checks the distribution versions.

• cpanfile

  Parses cpanfile taking into account the required versions.

It is assumed that if the required version of the module is less than a version of a release with a known vulnerability fix, then the module is considered affected.

Copyright (C) Viacheslav Tykhanovskyi.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.