cpan-audit - Audit CPAN modules
cpan-audit [command] [options...]
module [version range] audit module with optional version range (all by default) dist|release [version range] audit distribution with optional version range (all by default) deps [directory] audit dependencies from the directory (. by default) installed audit all installed modules show [advisory id] show information about specific advisory
--no-color switch off colors --no-corelist ignore modules bundled with perl version --ascii use ascii output --quiet be quiet --verbose be verbose --help|h help message
cpan-audit dist Catalyst-Runtime cpan-audit dist Catalyst-Runtime 7.0 cpan-audit dist Catalyst-Runtime >5.48 cpan-audit module Catalyst 7.0 cpan-audit deps . cpan-audit deps /path/to/distribution cpan-audit installed cpan-audit installed local/ cpan-audit show CPANSA-Mojolicious-2018-03
cpan-audit is a command line application that checks the modules or distributions for known vulnerabilities. It is using its internal database that is automatically generated from a hand-picked database https://github.com/vti/cpan-security-advisory.
cpan-audit does not connect to anything, that is why it is important to keep it up to date. Every update of the internal database is released as a new version.
cpan-audit can automatically detect dependencies from the following sources:
cpanfile.snapshotfile and checks the distribution versions.
cpanfiletaking into account the required versions.
It is assumed that if the required version of the module is less than a version of a release with a known vulnerability fix, then the module is considered affected.
Copyright (C) Viacheslav Tykhanovskyi.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.