=pod =encoding utf8 =head1 The CPANSA::DB module **Report Perl security problems to [CPAN Security Group](https://security.metacpan.org), not here**. This is not a primary source of security information. This is the I for the L Perl module. This is the database that L uses to do its work. The module was previously known as C but moved to its own repo and distribution so you can update the database seperately. You're probably looking at this because you don't know where else to find what you're looking for. Read this once and you might never have to read one again for any Perl module. =head2 Documentation This module is a data pack for other modules, such as L, that need access to the digested form of the CPAN Security Advisories database. There's not much you need to read, but you can look at the data structure. To read about L, look at the embedded documentation in the module itself. Inside the distribution, you can format it with L: % perldoc lib/CPANSA/DB.pm If you have already installed the module, you can specify the module name instead of the file location: % perldoc CPANSA::DB You can read the documentation and inspect the meta data on L. The standard module documentation has example uses in the SYNOPSIS section, but you can also look in the I directory (if it's there), or look at the test files in I. =head2 Installation You can install this module with a CPAN client, which will resolve and install the dependencies: % cpan CPANSA::DB % cpanm CPANSA::DB You can also install directly from the distribution directory, which will also install the dependencies: % cpan . % cpanm . You could install just this module manually: % perl Makefile.PL % make % make test % make install You probably don't want to do that unless you're fiddling with the module and only want to run the tests without installing anything. =head2 Source location The meta data, such as the source repository and bug tracker, is in I or the I files it creates. You can find that on those CPAN web interfaces, but you can also look at files directly in the source repository: =over 4 =item * L =back There are also backup repositories hosted on other services. These reflect the state of the main repo and exist only for redundancy: =over 4 =item * L =item * L =item * L =back If you find a problem, file a ticket in the L. This distribution now uses L, which allow you to verify that the archive file you have was made from the official repo. You need a GitHub account and the L. # download the distro file from GitHub, MetaCPAN, or a CPAN mirror $ gh auth login ...follow instructions... $ gh attestation verify CPANSA-DB-20241111.tar.gz --owner briandfoy Additionally, each release codes with GPG signature that allows you to verify that this. The key is the same one used when the database was distributed with L: $ gpg --verify lib/CPANSA/DB.pm.gpg lib/CPANSA/DB.pm gpg: Signature made Mon Nov 18 11:00:10 2024 EST gpg: using RSA key 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 gpg: Good signature from "CPAN::Audit (brian d foy) (https://github.com/briandfoy/cpan-audit) " [ultimate] =head2 Getting help Although I'm happy to hear from module users in private email, that's the best way for me to forget to do something. Besides the issue trackers, you can find help at L or L, both of which have many competent Perlers who can answer your question, almost in real time. They might not know the particulars of this module, but they can help you diagnose your problem. You might like to read L. =head2 Copyright and License You should have received a I file, but the license is also noted in the module files. About the only thing you can't do is pretend that you wrote code that you didn't. =head2 Good luck! Enjoy, brian d foy, briandfoy@pobox.com =cut