{"id":13296884,"url":"https://github.com/briandfoy/cpan-audit","last_synced_at":"2025-04-13T03:08:07.115Z","repository":{"id":37435374,"uuid":"466292115","full_name":"briandfoy/cpan-audit","owner":"briandfoy","description":"Check CPAN modules for known security vulnerabilities","archived":false,"fork":false,"pushed_at":"2025-04-07T18:06:09.000Z","size":6052,"stargazers_count":17,"open_issues_count":1,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-13T03:08:00.906Z","etag":null,"topics":["cve","perl","perl-module","perl-tool","security","security-audit"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"vti/cpan-audit","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/briandfoy.png","metadata":{"files":{"readme":"README.md","changelog":"Changes","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["briandfoy"]}},"created_at":"2022-03-04T22:52:07.000Z","updated_at":"2025-04-07T18:06:13.000Z","dependencies_parsed_at":"2023-11-29T20:32:05.671Z","dependency_job_id":"4f92ed2a-dfbe-483f-bdeb-5a62159264fd","html_url":"https://github.com/briandfoy/cpan-audit","commit_stats":{"total_commits":328,"total_committers":11,"mean_commits":"29.818181818181817","dds":"0.28963414634146345","last_synced_commit":"8eb87801477edeaf626b6bf12478a8aa4cb9ccc4"},"previous_names":[],"tags_count":73,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/briandfoy%2Fcpan-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/briandfoy%2Fcpan-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/briandfoy%2Fcpan-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/briandfoy%2Fcpan-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/briandfoy","download_url":"https://codeload.github.com/briandfoy/cpan-audit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657918,"owners_count":21140846,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","perl","perl-module","perl-tool","security","security-audit"],"created_at":"2024-07-29T17:21:17.832Z","updated_at":"2025-04-13T03:08:07.090Z","avatar_url":"https://github.com/briandfoy.png","language":"Perl","funding_links":["https://github.com/sponsors/briandfoy"],"categories":[],"sub_categories":[],"readme":"# NAME\n\ncpan-audit - Audit CPAN modules\n\n# SYNOPSIS\n\ncpan-audit \\[command\\] \\[options\\]\n\nCommands:\n\n    module         [version range]    audit module with optional version range (all by default)\n    dist|release   [version range]    audit distribution with optional version range (all by default)\n    deps           [directory]        audit dependencies from the directory (. by default)\n    installed                         audit all installed modules\n    show           [advisory id]      show information about specific advisory\n\nOptions:\n\n    --ascii               use ascii output\n    --freshcheck|f        check the database for freshness (CPAN::Audit::FreshnessCheck)\n    --help|h              show the help message and exit\n    --no-color            switch off colors\n    --no-corelist         ignore modules bundled with perl version\n    --perl                include perl advisories\n    --quiet               be quiet\n    --verbose             be verbose\n    --version             show the version and exit\n    --exclude \u003cstr\u003e       exclude/ignore the specified advisory/cve (multiple)\n    --exclude-file \u003cfile\u003e read exclude/ignore patterns from file\n    --json \u003cfile\u003e         save audit results in JSON format in a file\n\nExamples:\n\n    cpan-audit dist Catalyst-Runtime\n    cpan-audit dist Catalyst-Runtime 7.0\n    cpan-audit dist Catalyst-Runtime '\u003e5.48'\n\n    cpan-audit module Catalyst 7.0\n\n    cpan-audit deps .\n    cpan-audit deps /path/to/distribution\n\n    cpan-audit installed\n    cpan-audit installed local/\n    cpan-audit installed local/ --exclude CVE-2011-4116\n    cpan-audit installed local/ --exclude CVE-2011-4116 --exclude CVE-2011-123\n    cpan-audit installed local/ --exclude-file ignored-cves.txt\n    cpan-audit installed --json audit.json\n\n    cpan-audit show CPANSA-Mojolicious-2018-03\n\n# DESCRIPTION\n\n`cpan-audit` is a command line application that checks the modules or\ndistributions for known vulnerabilities. It is using its internal\ndatabase that is automatically generated from a hand-picked database\n[https://github.com/briandfoy/cpan-security-advisory](https://github.com/briandfoy/cpan-security-advisory).\n\n`cpan-audit` does not connect to anything, that is why it is\nimportant to keep it up to date. Every update of the internal database\nis released as a new version. Ensure that you have the latest database\nby updating [CPAN::Audit](https://metacpan.org/pod/CPAN%3A%3AAudit) frequently; the database can change daily.\nYou can use enable a warning for a possibly out-of-date database by\nadding `--freshcheck`, which warns if the database version is older\nthan a month:\n\n        % cpan-audit --freshcheck ...\n        % cpan-audit -f ...\n\n        % env CPAN_AUDIT_FRESH_DAYS=7 cpan-audit -f ...\n\n## Finding dependencies\n\n`cpan-audit` can automatically detect dependencies from the following\nsources:\n\n- `Carton`\n\n    Parses `cpanfile.snapshot` file and checks the distribution versions.\n\n- `cpanfile`\n\n    Parses `cpanfile` taking into account the required versions.\n\nIt is assumed that if the required version of the module is less than\na version of a release with a known vulnerability fix, then the module\nis considered affected.\n\n## Exit values\n\nIn prior versions, `cpan-audit` exited with the number of advisories\nit found. Starting with 1.001, if there are advisories found, `cpan-audit`\nexits with 64 added to that number.\n\n- 0 - normal operation\n- 2 - problem with program invocation, such as bad switches or values\n- 64+n - advisories found. Subtract 64 to get the advisory count\n\n# LICENSE\n\nCopyright (C) Viacheslav Tykhanovskyi.\n\nThis library is free software; you can redistribute it and/or modify\nit under the same terms as Perl itself.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbriandfoy%2Fcpan-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbriandfoy%2Fcpan-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbriandfoy%2Fcpan-audit/lists"}