++ed by:

2 PAUSE users
2 non-PAUSE users.

Author image Вячеслав Тихановский
and 4 contributors


cpan-audit - Audit CPAN modules


cpan-audit [command] [options...]


    module         [version range]    audit module with optional version range (all by default)
    dist|release   [version range]    audit distribution with optional version range (all by default)
    deps           [directory]        audit dependencies from the directory (. by default)
    installed                         audit all installed modules
    show           [advisory id]      show information about specific advisory


    --no-color    switch off colors
    --no-corelist ignore modules bundled with perl version
    --ascii       use ascii output
    --quiet       be quiet
    --verbose     be verbose
    --help|h      help message


    cpan-audit dist Catalyst-Runtime
    cpan-audit dist Catalyst-Runtime 7.0
    cpan-audit dist Catalyst-Runtime >5.48

    cpan-audit module Catalyst 7.0

    cpan-audit deps .
    cpan-audit deps /path/to/distribution

    cpan-audit installed
    cpan-audit installed local/

    cpan-audit show CPANSA-Mojolicious-2018-03


cpan-audit is a command line application that checks the modules or distributions for known vulnerabilities. It is using its internal database that is automatically generated from a hand-picked database https://github.com/vti/cpan-security-advisory.

cpan-audit does not connect to anything, that is why it is important to keep it up to date. Every update of the internal database is released as a new version.

cpan-audit can automatically detect dependencies from the following sources:


Parses cpanfile.snapshot file and checks the distribution versions.


Parses cpanfile taking into account the required versions.

It is assumed that if the required version of the module is less than a version of a release with a known vulnerability fix, then the module is considered affected.


Copyright (C) Viacheslav Tykhanovskyi.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.