App-Project-Doctor
view release on metacpan or search on metacpan
lib/App/Project/Doctor/Check/Security.pm view on Meta::CPAN
our $VERSION = '0.02';
Readonly::Array my @SECRET_PATTERNS => (
qr/(?:password|passwd|secret|api_?key|token)\s*=\s*['"][^'"]{4,}['"]/i,
qr/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
qr/(?:AKIA|ASIA)[A-Z0-9]{16}/,
);
sub name { 'Security' }
sub description { 'All modules declare strict/warnings; no hardcoded credentials.' }
sub can_fix { 1 }
sub order { 60 }
sub check {
my ($self, $ctx) = @_;
croak 'check requires an App::Project::Doctor::Context' unless ref $ctx;
my @findings;
my $files = $ctx->perl_files('lib', 'script', 'bin');
script/project-doctor view on Meta::CPAN
In default execution order:
Tests Test suite exists and passes
CI CI configuration is present
GitHubActions Workflow files validate cleanly
Meta META.yml/json is present and complete
Pod All modules have valid POD
Dependencies Used modules are declared as prerequisites
License LICENSE file is present and consistent with META
Security strict/warnings present; no hardcoded credentials
CpanReadiness Version format, Changes, MANIFEST, README present
=head1 LIMITATIONS
The fix context is built from C<PATH>, not from the detected root. In the
rare case where C<PATH> is not the project root (e.g. a subdirectory), the
Context may have a different root than Doctor used.
=head1 AUTHOR
( run in 1.320 second using v1.01-cache-2.11-cpan-817d5f8af8b )