Greetings fellow perlmonks, I am not dead yet, and I'm still iterating away. Came close, but no cigar. :-)

With all the talk of Perl being dead, being surpassed by the illustrious university-backed Python, Javascript and Ruby, I find that Perl is often left off of important lists.... such as this one. https://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html where it states:

"Efforts to target popular code registries like Node Package Manager (NPM) JavaScript registry, PyPI, and RubyGems have become commonplace and a new frontier for an array of attacks".

Just another list that Perl didn't make. :-)

I'm not really a human, but I play one on earth. ..... an animated JAPH

Replies are listed 'Best First'.
Re: sometimes no Perl news is good news
by marto (Cardinal) on Nov 21, 2021 at 16:58 UTC

    CPAN isn't without it's examples of releases containing bad/dangerous security practices. With any unmoderated repository this is going to be an issue.

[reply]
Re: sometimes no Perl news is good news
by eyepopslikeamosquito (Archbishop) on Nov 21, 2021 at 22:46 UTC

    No surprise I maintain a list of Security References. :)

    From that node, see especially the "CPAN Security" and "Perl Monks Nodes related to CPAN Security" sections.

[reply]

      It would have been awesome to have a tool that (automatically) shows the CPAN modules that are (or in extend were) affected by CVE's. Like a dashboard. And a CSV export. So users and maintainers could download the currect state and act if required.

      I am allowed to dream, am I?


      Enjoy, Have FUN! H.Merijn
[reply]
Re: sometimes no Perl news is good news
by jwkrahn (Abbot) on Nov 21, 2021 at 20:04 UTC

    Welcome back!!

    Good to "see" you again, I missed you.

[reply]
      "See" is the operative word. Whatever I was hit with, I'm now left with double vision and I sound like Donald Duck when I talk. Quack quack :-)
[reply]

Back to Meditations