App-Project-Doctor

 view release on metacpan or  search on metacpan

lib/App/Project/Doctor/Check/Security.pm  view on Meta::CPAN


our $VERSION = '0.02';

Readonly::Array my @SECRET_PATTERNS => (
	qr/(?:password|passwd|secret|api_?key|token)\s*=\s*['"][^'"]{4,}['"]/i,
	qr/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
	qr/(?:AKIA|ASIA)[A-Z0-9]{16}/,
);

sub name        { 'Security' }
sub description { 'All modules declare strict/warnings; no hardcoded credentials.' }
sub can_fix     { 1 }
sub order       { 60 }

sub check {
	my ($self, $ctx) = @_;
	croak 'check requires an App::Project::Doctor::Context' unless ref $ctx;

	my @findings;
	my $files = $ctx->perl_files('lib', 'script', 'bin');

script/project-doctor  view on Meta::CPAN


In default execution order:

  Tests           Test suite exists and passes
  CI              CI configuration is present
  GitHubActions   Workflow files validate cleanly
  Meta            META.yml/json is present and complete
  Pod             All modules have valid POD
  Dependencies    Used modules are declared as prerequisites
  License         LICENSE file is present and consistent with META
  Security        strict/warnings present; no hardcoded credentials
  CpanReadiness   Version format, Changes, MANIFEST, README present

=head1 LIMITATIONS

The fix context is built from C<PATH>, not from the detected root.  In the
rare case where C<PATH> is not the project root (e.g. a subdirectory), the
Context may have a different root than Doctor used.

=head1 AUTHOR



( run in 1.320 second using v1.01-cache-2.11-cpan-817d5f8af8b )