The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.


CPAN::ParseDistribution - index a file from the BackPAN


Given a file from the BackPAN, this will let you find out what versions of what modules it contains, the distribution name and version


    my $dist = CPAN::ParseDistribution->new(
        use_tar => '/bin/tar',
    my $modules     = $dist->modules(); # hashref of modname => version
    my $distname    = $dist->dist();
    my $distversion = $dist->distversion();



Constructor, takes a single mandatory argument, which should be a tarball or zip file from the CPAN or BackPAN, and some optional named arguments:


The full path to 'tar'. This is assumed to be GNU tar, and to be sufficiently well-endowed as to be able to support bzip2 files. Maybe I'll fix that at some point. If this isn't specified, then Archive::Tar is used instead.

You might want to use this if dealing with very large files, as Archive::Tar is rather profligate with memory.


Returns true or false depending on whether this is a developer-only or trial release of a distribution. This is determined by looking for an underscore in the distribution version or the string '-TRIAL' at the end of the distribution version.


Returns a hashref whose keys are module names, and their values are the versions of the modules. The version number is retrieved by eval()ing what looks like a $VERSION line in the code. This is done in a Safe compartment, but may be a security risk if you do this with untrusted code. Caveat user!


Return the name of the distribution. eg, in the synopsis above, it would return 'Some-Distribution'.


Return the version of the distribution. eg, in the synopsis above, it would return 1.23.

Strictly speaking, the CPAN doesn't have distribution versions - Foo-Bar-1.23.tar.gz is not considered to have any relationship to Foo-Bar-1.24.tar.gz, they just happen to coincidentally have rather similar contents. But other tools, such as those used by the CPAN testers, do treat distributions as being versioned.


This module executes a very small amount of code from each module that it finds in a distribution. While every effort has been made to do this safely, there are no guarantees that it won't let the distributions you're examining do horrible things to your machine, such as email your password file to strangers. You are strongly advised to read the source code and to run it in a very heavily restricted user account.


I welcome feedback about my code, including constructive criticism. Bug reports should be made using Github Issues and should include the smallest possible chunk of code, along with any necessary data, which demonstrates the bug. Ideally, this will be in the form of files which I can drop in to the module's test suite.

There is a known problem with parsing some pathological distributions on Windows, where CPAN::ParseDistribution may either hang or crash. This is because Windows doesn't properly support fork()ing and signals. I can not fix this, but welcome patches with tests.




Copyright 2009-2011 David Cantrell <>

Contains code originally from the PAUSE by Andreas Koenig.

This software is free-as-in-speech software, and may be used, distributed, and modified under the terms of either the GNU General Public Licence version 2 or the Artistic Licence. It's up to you which one you use. The full text of the licences can be found in the files GPL2.txt and ARTISTIC.txt, respectively.


This module is also free-as-in-mason software.