Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re^2: Prefer Pure Perl Core Modules

by Leitz (Scribe)
on Jul 14, 2021 at 13:39 UTC ( #11134996=note: print w/replies, xml ) Need Help??


in reply to Re: Prefer Pure Perl Core Modules
in thread Prefer Pure Perl Core Modules

Good thread and great comments! You're right, improving the security around CPAN would help and it would be labor intense. CPAN offers a lot to Perl users, but there are significant risks.

Take Moose/Moo for example. Once you know how to build a Perl object without them, you can see the advantages they bring. Then you have to think through the trade-offs; is the benefit given worth the personal effort required? Once you go outside of OS provided packages you have to keep OS and CPAN installed modules separate, and that can become a real challenge. If your application needs a lot of CPAN you probably want to look at compiling your own Perl and completely moving away from the OS provided packages. My desktop provides Perl 5.32 and I do CPAN installed to /usr/local. It will cause a problem if I use a lot of CPAN, so I avoid that. Other places I provide code for are limited to a much older Perl, and I have to package any module my application uses. Thus I use few. Think about how much you want to share your code, and what someone would have to do to use it. The easier you can make it for your user the higher chance you have of your code being used.

You can also look at virtualenv and carton; they may give you what you need. I do not use them because they add more administrative overhead than I want to deal with.

Chronicler: The Domici War (domiciwar.net)

General Ne'er-do-well (github.com/LeamHall)

Replies are listed 'Best First'.
Re^3: Prefer Pure Perl Core Modules
by hrcerq (Scribe) on Jul 15, 2021 at 01:45 UTC
    You can also look at virtualenv and carton; they may give you what you need.

    Maybe you mean plenv instead of virtualenv? (AFAIK virtualenv is used for python projects)

    Anyway, I think plenv helps in the sense that I can create application-specific repositories, instead of mixing dependencies for a lot of different applications, which could easily become a mess. From a security perspective, however, it remains the same situation, unfortunately.

    return on_success() or die;

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11134996]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2022-06-30 20:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My most frequent journeys are powered by:









    Results (98 votes). Check out past polls.

    Notices?