NAME

perlcritic - Command-line interface to critique Perl source

SYNOPSIS

  perlcritic [-12345 | -severity number] [-noprofile | -profile file]
             [-top [ number ]] [-include pattern] [-exclude pattern]
             [-theme expression] [-verbose number | format]  [-list]
             [-only | -noonly] [-force | -noforce] [-nocolor] [-Version]
             [-help] [-man] [-quiet] [FILE | DIRECTORY | STDIN]

DESCRIPTION

perlcritic is a Perl source code analyzer. It is the executable front-end to the Perl::Critic engine, which attempts to identify awkward, hard to read, error-prone, or unconventional constructs in your code. Most of the rules are based on Damian Conway's book Perl Best Practices. However, perlcritic is not limited to enforcing PBP, and it will even support rules that contradict Conway. All rules can easily be configured or disabled to your liking.

If you want to integrate perlcritic with your build process, the Test::Perl::Critic module provides a nice interface that is suitable for test scripts. For ultimate convenience (at the expense of some flexibility) see the criticism pragma.

Win32 and ActivePerl users can find PPM distributions of Perl::Critic at http://theoryx5.uwinnipeg.ca/ppms/.

If you'd like to try Perl::Critic without installing anything, there is a web-service available at http://perlcritic.com. The web-service does not yet support all the configuration features that are available in the native Perl::Critic API, but it should give you a good idea of what it does. You can also invoke the perlcritic web-service from the command line by doing an HTTP-post, such as one of these:

    $> POST http://perlcritic.com/perl/critic.pl < MyModule.pm
    $> lwp-request -m POST http://perlcritic.com/perl/critic.pl < MyModule.pm
    $> wget -q -O - --post-file=MyModule.pm http://perlcritic.com/perl/critic.pl

Please note that the perlcritic web-service is still alpha code. The URL and interface to the service are subject to change.

USAGE EXAMPLES

Before getting into all the gory details, here are some basic usage examples to help get you started.

  #Report only most severe violations (severity = 5)
  perlcritic YourModule.pm

  #Same as above, but read input from STDIN
  perlcritic

  #Recursively process all Perl files beneath directory
  perlcritic /some/directory

  #Report slightly less severe violations too (severity >= 4)
  perlcritic -4 YourModule.pm

  #Report all violations, regardless of severity (severity >= 1)
  perlcritic -1 YourModule.pm

  #Report only violations of things from "Perl Best Practices"
  perlcritic -theme pbp YourModule.pm

  #Report top 20 most severe violations (severity >= 1)
  perlcritic -top YourModule.pm

  #Report additional violations of Policies that match m/variables/ix
  perlcritic -include variables YourModule.pm

ARGUMENTS

The arguments are paths to the files you wish to analyze. You may specify multiple files. If an argument is a directory, perlcritic will analyze all Perl files below the directory. If no arguments are specified, then input is read from STDIN.

OPTIONS

Option names can be abbreviated to uniqueness and can be stated with singe or double dashes, and option values can be separated from the option name by a space or '=' (as with Getopt::Long). Option names are also case-sensitive.

-profile FILE

Directs perlcritic to use a profile named by FILE rather than looking for the default .perlcriticrc file in the current directory or your home directory. See "CONFIGURATION" for more information.

-noprofile

Directs perlcritic not to load any configuration file, thus reverting to the default configuration for all Policies.

-severity N

Directs perlcritic to only report violations of Policies with a severity greater than N. Severity values are integers ranging from 1 (least severe) to 5 (most severe). The default is 5. For a given -profile, decreasing the -severity will usually produce more violations. You can set the default value for this option in your .perlcriticrc file. You can also redefine the severity for any Policy in your .perlcriticrc file. See "CONFIGURATION" for more information.

-5 | -4 | -3 | -2 | -1

These are shortcuts for setting the -severity option. For example, "-4" is equivalent to "-severity 4". If multiple shortcuts are specified, then the lowest one wins. If an explicit -severity option is given, then all shortcut options are silently ignored. NOTE: Be careful not to put one of the severity shortcut options immediately after the -top flag or perlcritic will interpret it as the number of violations to report.

-theme EXPRESSION

Directs perlcritic to report only violations of Policies that are encompassed by the EXPRESSION. Themes are arbitrary names for groups of related policies. You can combine theme names with mathematical and boolean operators to create an arbitrarily complex EXPRESSION. See the "POLICY THEMES" section for more information.

-include PATTERN

Directs perlcritic to report additional violations of all Policy modules that match the regex /PATTERN/imx. Use this option to temporarily override your profile and/or the severity settings at the command-line. For example:

  perlcritic --include=layout my_file.pl

This would cause perlcritic to report violations of all the CodeLayout::* policies even if they have a severity level that is less than the default level of 5, or have been disabled in your .perlcriticrc file. You can specify multiple -include options and you can use it in conjunction with the -exclude option. Note that -exclude takes precedence over -include when a Policy matches both patterns. You can set the default value for this option in your .perlcriticrc file.

-exclude PATTERN

Directs perlcritic to not report violations of any Policy modules that match the regex /PATTERN/imx. Use this option to temporarily override your profile and/or the severity settings at the command-line. For example:

  perlcritic --exclude=strict my_file.pl

This would cause perlcritic to not report violations of the RequireUseStrict and ProhibitNoStrict policies even though they have the highest severity level. You can specify multiple -exclude options and you can use it in conjunction with the -include option. Note that -exclude takes precedence over -include when a Policy matches both patterns. You can set the default value for this option in your .perlcriticrc file.

-top [ N ]

Directs perlcritic to report only the top N Policy violations in each file, ranked by their severity. If N is not specified, it defaults to 20. If the -severity option (or one of the shortcuts) is not explicitly given, the -top option implies that the minimum severity level is 1. Users can redefine the severity for any Policy in their .perlcriticrc file. See "CONFIGURATION" for more information. You can set the default value for this option in your .perlcriticrc file. NOTE: Be careful not to put one of the severity shortcut options immediately after the -top flag or perlcritic will interpret it as the number of violations to report.

-force

Directs perlcritic to ignore the magical "## no critic" pseudo-pragmas in the source code. See "BENDING THE RULES" for more information. You can set the default value for this option in your .perlcriticrc file.

-verbose N | FORMAT

Sets the verbosity level or format for reporting violations. If given a number (N), perlcritic reports violations using one of the predefined formats described below. If given a string (FORMAT), it is interpreted to be an actual format specification. If the -verbose option is not specified, it defaults to either 4 or 5, depending on whether multiple files were given as arguments to perlcritic. You can set the default value for this option in your .perlcriticrc file.

    Verbosity     Format Specification
    -----------   -------------------------------------------------------------
     1            "%f:%l:%c:%m\n",
     2            "%f: (%l:%c) %m\n",
     3            "%m at %f line %l\n",
     4            "%m at line %l, column %c.  %e.  (Severity: %s)\n",
     5            "%f: %m at line %l, column %c.  %e.  (Severity: %s)\n",
     6            "%m at line %l, near '%r'.  (Severity: %s)\n",
     7            "%f: %m at line %l near '%r'.  (Severity: %s)\n",
     8            "[%p] %m at line %l, column %c.  (Severity: %s)\n",
     9            "[%p] %m at line %l, near '%r'.  (Severity: %s)\n",
    10            "%m at line %l, column %c.\n  %p (Severity: %s)\n%d\n",
    11            "%m at line %l, near '%r'.\n  %p (Severity: %s)\n%d\n"

Formats are a combination of literal and escape characters similar to the way sprintf works. See String::Format for a full explanation of the formatting capabilities. Valid escape characters are:

    Escape    Meaning
    -------   ----------------------------------------------------------------
    %c        Column number where the violation occurred
    %d        Full diagnostic discussion of the violation
    %e        Explanation of violation or page numbers in PBP
    %f        Name of the file where the violation occurred.
    %l        Line number where the violation occurred
    %m        Brief description of the violation
    %P        Full name of the Policy module that created the violation
    %p        Name of the Policy without the Perl::Critic::Policy:: prefix
    %r        The string of source code that caused the violation
    %s        The severity level of the violation

The purpose of these formats is to provide some compatibility with editors that have an interface for parsing certain kinds of input. See "EDITOR INTEGRATION" for more information about that.

-list

Displays a listing of all the Perl::Critic::Policy modules that are found on this machine. For each Policy, the default severity and user-defined severity is also shown. If the user has not overridden the severity for a particular Policy in their .perlcriticrc file, then the user-defined severity will be the same as the default severity. This can be useful for discovering the Policy modules that you have available and tuning the severity levels in your .perlcriticrc file.

-only

Directs perlcritic to choose only from policies that are explicitly named in your .perlcriticrc file. You can set the default value for this option in your .perlcriticrc file.

-count

Display only the number of violations for each file. Use this feature to get a quick handle on where a large pile of code might need the most attention.

-Safari

Report "Perl Best Practice" citations as section numbers from http://safari.oreilly.com instead of page numbers from the actual book. NOTE: This feature is not implemented yet.

-nocolor

By default, Severity 5 and 4 are colored red and yellow, respectively. Colorization only happens if STDOUT is a tty and Term::ANSIColor is installed. And it only works on non-windows environments. Set this switch to disable color

-quiet

Suppress the "source OK" message if no violations are found.

-help

-?

Displays a brief summary of options and exits.

-man

Displays the complete perlcritic manual and exits.

-Version

-V

Displays the version number of perlcritic and exits.

CONFIGURATION

Most of the settings for Perl::Critic and each of the Policy modules can be controlled by a configuration file. The default configuration file is called .perlcriticrc. Perl::Critic::Config will look for this file in the current directory first, and then in your home directory. Alternatively, you can set the PERLCRITIC environment variable to explicitly point to a different file in another location. If none of these files exist, and the -profile option is not given on the command line, then all Policies will be loaded with their default configuration.

The format of the configuration file is a series of INI-style blocks that contain key-value pairs separated by '='. Comments should start with '#' and can be placed on a separate line or after the name-value pairs if you desire.

Default settings for perlcritic itself can be set before the first named block. For example, putting any or all of these at the top of your .perlcriticrc file will set the default value for the corresponding command-line argument.

    severity  = 3                                     #Integer from 1 to 5
    only      = 1                                     #Zero or One
    force     = 0                                     #Zero or One
    verbose   = 4                                     #Integer or format spec
    top       = 50                                    #A positive integer
    theme     = risky + (pbp * security) - cosmetic   #A theme expression
    include   = NamingConventions ClassHierarchies    #Space-delimited list
    exclude   = Variables  Modules::RequirePackage    #Space-delimited list

The remainder of the configuration file is a series of blocks like this:

    [Perl::Critic::Policy::Category::PolicyName]
    severity = 1
    set_theme = foo bar
    add_theme = baz
    arg1 = value1
    arg2 = value2

Perl::Critic::Policy::Category::PolicyName is the full name of a module that implements the policy. The Policy modules distributed with Perl::Critic have been grouped into categories according to the table of contents in Damian Conway's book Perl Best Practices. For brevity, you can omit the 'Perl::Critic::Policy' part of the module name.

severity is the level of importance you wish to assign to the Policy. All Policy modules are defined with a default severity value ranging from 1 (least severe) to 5 (most severe). However, you may disagree with the default severity and choose to give it a higher or lower severity, based on your own coding philosophy.

set_theme sets the theme for the Policy and overrides it's default theme. The argument is a string of one or more whitespace-delimited words. Themes are case-insensitive. See "POLICY THEMES" for more information.

add_theme appends to the default themes for this Policy. The argument is a string of one or more whitespace-delimited words. Themes are case-insensitive. See "POLICY THEMES" for more information.

The remaining key-value pairs are configuration parameters that will be passed into the constructor of that Policy. The constructors for most Policy modules do not support arguments, and those that do should have reasonable defaults. See the documentation on the appropriate Policy module for more details.

Instead of redefining the severity for a given Policy, you can completely disable a Policy by prepending a '-' to the name of the module in your configuration file. In this manner, the Policy will never be loaded, regardless of the -severity given on the command line.

A simple configuration might look like this:

    #--------------------------------------------------------------
    # I think these are really important, so always load them

    [TestingAndDebugging::RequireUseStrict]
    severity = 5

    [TestingAndDebugging::RequireUseWarnings]
    severity = 5

    #--------------------------------------------------------------
    # I think these are less important, so only load when asked

    [Variables::ProhibitPackageVars]
    severity = 2

    [ControlStructures::ProhibitPostfixControls]
    allow = if unless  #My custom configuration
    severity = 2

    #--------------------------------------------------------------
    # Give these policies a custom theme.  I can activate just
    # these policies by saying "perlcritic -theme 'larry + curly'"

    [Modules::RequireFilenameMatchesPackage]
    add_theme = larry

    [TestingAndDebugging::RequireTestLables]
    add_theme = curly moe

    #--------------------------------------------------------------
    # I do not agree with these at all, so never load them

    [-NamingConventions::ProhibitMixedCaseVars]
    [-NamingConventions::ProhibitMixedCaseSubs]

    #--------------------------------------------------------------
    # For all other Policies, I accept the default severity,
    # so no additional configuration is required for them.

For additional configuration examples, see the perlcriticrc file that is included in this t/examples directory of this distribution.

THE POLICIES

A large number of Policy modules are distributed with Perl::Critic. They are described briefly in the companion document Perl::Critic::PolicySummary and in more detail in the individual modules themselves.

POLICY THEMES

NOTE: As of version 0.21, policy themes are still considered experimental. The implementation of this feature may change in a future release. Additionally, the default theme names that ship with Perl::Critic may also change. But this is a pretty cool feature, so read on...

Each Policy is defined with one or more "themes". Themes can be used to create arbitrary groups of Policies. They are intended to provide an alternative mechanism for selecting your preferred set of Policies. The Policies that ship with Perl::Critic have been grouped into themes that are roughly analogous to their severity levels. Folks who find the numeric severity levels awkward can use these mnemonic theme names instead.

    Severity Level                   Equivalent Theme
    ---------------------------------------------------------------------------
    5                                danger
    4                                risky
    3                                unreliable
    2                                readability
    1                                cosmetic

Say "perlcritic -list" to get a listing of all available policies and the themes that are associated with each one. You can also change the theme for any Policy in your .perlcriticrc file. See the "CONFIGURATION" section for more information about that.

Using the -theme command-line option, you can combine themes with mathematical and boolean operators to create an arbitrarily complex expression that represents a custom "set" of Policies. The following operators are supported

   Operator       Altertative         Meaning
   -----------------------------------------------------------------------------
   *              and                 Intersection
   -              not                 Difference
   +              or                  Union

Operator precedence is the same as that of normal mathematics. You can also use parenthesis to enforce precedence. Here are some examples:

   Expression                  Meaning
   -----------------------------------------------------------------------------
   pbp * risky                 All policies that are "pbp" AND "risky"
   pbp and risky               Ditto

   danger + risky              All policies that are "danger" OR "risky"
   pbp or risky                Ditto

   pbp - cosmetic              All policies that are "pbp" BUT NOT "risky"
   pbp not cosmetic            Ditto

   -reliability                All policies that are NOT "reliability"
   not reliability             Ditto

   (pbp - danger) * risky      All policies that are "pbp" BUT NOT "danger", AND "risky"
   (pbp not danger) and risky  Ditto

Theme names are case-insensitive. If -theme is set to an empty string, then it is equivalent to the set of all policies. A theme name that doesn't exist is equivalent to an empty set. Please See http://en.wikipedia.org/wiki/Set for a discussion on set theory.

BENDING THE RULES

Perl::Critic takes a hard-line approach to your code: either you comply or you don't. In the real world, it is not always practical (or even possible) to fully comply with coding standards. In such cases, it is wise to show that you are knowingly violating the standards and that you have a Damn Good Reason (DGR) for doing so.

To help with those situations, you can direct Perl::Critic to ignore certain lines or blocks of code by using pseudo-pragmas:

    require 'LegacyLibaray1.pl';  ## no critic
    require 'LegacyLibrary2.pl';  ## no critic

    for my $element (@list) {

        ## no critic

        $foo = "";               #Violates 'ProhibitEmptyQuotes'
        $barf = bar() if $foo;   #Violates 'ProhibitPostfixControls'
        #Some more evil code...

        ## use critic

        #Some good code...
        do_something($_);
    }

The "## no critic" comments direct Perl::Critic to ignore the remaining lines of code until the end of the current block, or until a "## use critic" comment is found (whichever comes first). If the "## no critic" comment is on the same line as a code statement, then only that line of code is overlooked. To direct perlcritic to ignore the "## no critic" comments, use the -force option.

A bare "## no critic" comment disables all the active Policies. If you wish to disable only specific Policies, add a list of Policy names as arguments just as you would for the "no strict" or "no warnings" pragma. For example, this would disable the ProhibitEmptyQuotes and ProhibitPostfixControls policies until the end of the block or until the next "## use critic" comment (whichever comes first):

  ## no critic (EmptyQuotes, PostfixControls);

  $foo = "";                  #Now exempt from ValuesAndExpressions::ProhibitEmptyQuotes
  $barf = bar() if $foo;      #Now exempt ControlStructures::ProhibitPostfixControls
  $long_int = 10000000000;    #Still subjected to ValuesAndExpression::RequireNumberSeparators

Since the Policy names are matched against the arguments as regular expressions, you can abbreviate the Policy names or disable an entire family of Policies in one shot like this:

  ## no critic 'NamingConventions';

  my $camelHumpVar = 'foo';  #Now exempt from NamingConventions::ProhibitMixedCaseVars
  sub camelHumpSub {}        #Now exempt from NamingConventions::ProhibitMixedCaseSubs

The argument list must be enclosed in parens and must contain one or more comma-separated barewords (i.e. don't use quotes). The "## no critic" pragmas can be nested, and Policies named by an inner pragma will be disabled along with those already disabled an outer pragma.

Use this feature wisely. "## no critic" should be used in the smallest possible scope, or only on individual lines of code. And you should always be as specific as possible about which policies you want to disable (i.e. never use a bare "## no critic"). If Perl::Critic complains about your code, try and find a compliant solution before resorting to this feature.

IMPORTANT CHANGES

Perl-Critic is evolving rapidly. As such, some of the interfaces have changed in ways that are not backward-compatible. If you have been using an older version of Perl-Critic and/or you have been developing custom Policy modules, please read this section carefully.

VERSION 0.16

Starting in version 0.16, you can add a list Policy names as arguments to the "## no critic" pseudo-pragma. This feature allows you to disable specific policies. So if you have been in the habit of adding additional words after "no critic", then those words might cause unexpected results. If you want to append other stuff to the "## no critic" comment, then terminate the pseudo-pragma with a semi-colon, and then start another comment. For example:

  #This may not work as expected.
  $email = 'foo@bar.com';  ## no critic for literal '@'

  #This will work.
  $email = 'foo@bar.com';  ## no critic; #for literal '@'

  #This is even better.
  $email = 'foo@bar.com'; ## no critic (RequireInterpolation);

VERSION 0.14

Starting in version 0.14, the interface to Perl::Critic::Violation changed. This will also break any custom Policy modules that you might have written for earlier modules. See Perl::Critic::DEVELOPER for an up-to-date guide on creating Policy modules.

The notion of "priority" was also replaced with "severity" in version 0.14. Consequently, the default behavior of Perl::Critic is to only load the most "severe" Policy modules, rather than loading all of them. This decision was based on user-feedback suggesting that Perl-Critic should be less "critical" for new users, and should steer them toward gradually increasing the strictness as they adopt better coding practices.

VERSION 0.11

Starting in version 0.11, the internal mechanics of Perl-Critic were rewritten so that only one traversal of the PPI document tree is required. Unfortunately, this will break any custom Policy modules that you might have written for earlier versions. Converting your policies to work with the new version is pretty easy and actually results in cleaner code. See Perl::Critic::DEVELOPER for an up-to-date guide on creating Policy modules.

EDITOR INTEGRATION

For ease-of-use, perlcritic can be integrated with your favorite text editor. The output-formatting capabilities of perlcritic are specifically intended for use with the "grep" or "compile" modes available in editors like emacs and vim. In these modes, you can run an arbitrary command and the editor will parse the output into an interactive buffer that you can click on and jump to the relevant line of code.

EMACS

Joshua ben Jore has authored a minor-mode for emacs that allows you to run perlcritic on the current region or buffer. You can run it on demand, or configure it to run automatically when you save the buffer. The output appears in a hot-linked compiler buffer. The code and installation instructions can be found in the extras directory inside this distribution.

VIM

Configure the grep format as follows:

  set grepformat=%f:%l:%c:m
  set grepprg=perlcritic\ -verbose\ 1\ %

Then, you can run perlcritic on the current buffer with:

  :grep

Navigation and display instructions can be found under :help grep. Someone with stronger Vim-fu may wish to convert this to a real macro.

gVIM

Fritz Mehner recently added support for perlcritic to his fantastic gVIM plugin. In addition to providing a very Perlish IDE, Fritz's plugin enables one-click access to perlcritic and many other very useful utilities. And all is seamlessly integrated into the editor. See http://lug.fh-swf.de/vim/vim-perl/screenshots-en.html for complete details.

EPIC

EPIC is an open source Perl IDE based on the Eclipse platform. Features supported are syntax highlighting, on-the-fly syntax check, content assist, perldoc support, source formatter, templating support and a Perl debugger. Go to http://e-p-i-c.sourceforge.net for more information about EPIC.

The EPIC team is currently working on integration with Perl::Critic. In the meantime, you can use the criticism pragma and EPIC will highlight violations whenever it does a syntax check on your code. I haven't tried this myself, but other folks say it works.

EXIT STATUS

If perlcritic has any errors itself, exits with status == 1. If there are no errors, but perlcritic finds Policy violations in your source code, exits with status == 2. If there were no errors and no violations were found, exits with status == 0.

THE Perl::Critic PHILOSOPHY

  Coding standards are deeply personal and highly subjective.  The
  goal of Perl::Critic is to help you write code that conforms with a
  set of best practices.  Our primary goal is not to dictate what
  those practices are, but rather, to implement the practices
  discovered by others.  Ultimately, you make the rules --
  Perl::Critic is merely a tool for encouraging consistency.  If there
  is a policy that you think is important or that we have overlooked,
  we would be very grateful for contributions, or you can simply load
  your own private set of policies into Perl::Critic.

EXTENDING THE CRITIC

The modular design of Perl::Critic is intended to facilitate the addition of new Policies. You'll need to have some understanding of PPI, but most Policy modules are pretty straightforward and only require about 20 lines of code. Please see the Perl::Critic::DEVELOPER file included in this distribution for a step-by-step demonstration of how to create new Policy modules.

If you develop any new Policy modules, feel free to send them to thaljef@cpan.org and I'll be happy to put them into the Perl::Critic distribution. Or if you'd like to work on the Perl::Critic project directly, check out our repository at http://perlcritic.tigris.org. To subscribe to our mailing list, send a message to dev-subscribe@perlcritic.tigris.org.

BUGS

Scrutinizing Perl code is hard for humans, let alone machines. If you find any bugs, particularly false-positives or false-negatives from a Perl::Critic::Policy, please submit them to http://rt.cpan.org/NoAuth/Bugs.html?Dist=Perl-Critic. Thanks.

CREDITS

Adam Kennedy - For creating PPI, the heart and soul of Perl::Critic.

Damian Conway - For writing Perl Best Practices, finally :)

Chris Dolan - For contributing the best features and Policy modules.

Giuseppe Maxia - For all the great ideas and positive encouragement.

and Sharon, my wife - For putting up with my all-night code sessions.

AUTHOR

Jeffrey Ryan Thalhammer <thaljef@cpan.org>

COPYRIGHT

Copyright (c) 2005-2006 Jeffrey Ryan Thalhammer. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license can be found in the LICENSE file included with this module.

cpanm Perl::Critic

perl -MCPAN -e shell
install Perl::Critic