CPAN uploads are declining. Part of this is the challenge of figuring out how to write a new module, navigate PAUSE, and release it. Many languages make it very easy to share new open source code with their community and that support is often in the core language.
$ go mod tidy $ go test ./... $ git commit -m "mymodule: changes for v0.1.0" $ git tag v0.1.0 $ git push origin v0.1.0 $ GOPROXY=proxy.golang.org go list -m firstname.lastname@example.org
And then others can easily install it:
$ go get email@example.com
Perl needs a core solution for solving this problem. What I would like is a workflow similar to this:
$ module new My::Awesome::Module # might prompt for name and email $ cd my-awesome-module $ # hack, hack, hack $ module build # builds all files needed for installation and CPAN sharing $ module test # also does `build` $ module release # also does `build` and `test`
Some of those solutions are opinionated and some are bewildering to new developers. Having to understand the CPAN and figure out which of multiple solutions are appropriate is painful. Having a core solution that works "out of the box" would be very valuable to Perl.
One CPAN author I have spoken to wants to build something like this, but he will be using
bash, making it a potentially non-portable solution. I've already seen P5P reject
bash-based solutions for some ideas.
Giving us PAUSE
PAUSE is a potential obstacle for the first-time module author. Navigating the PAUSE web site is a bit painful and the use of basic authentication and the 1995-style layout help reinforce the "Perl is dead" meme. Releasing a module for the first time should automatically request a new PAUSE account for the would-be author. There should be clear feedback to the author that this process might take X amount of time.
A naïve, first-pass solution, given that PAUSE does not (as far as I know) have an API, is to
POST https://pause.perl.org/pause/query?ACTION=request_id with the name and email taken from the new module info, the description being "I would like to upload $module_name to the CPAN." and letting them choose a user-name, though we'd need to let them know before they submit if that name is taken.
Cyber Resiliency Act
Others would like to be able to easily release to, and install from, github or something similar. This would increase the tool's utility, but the upcoming EU Cyber Resiliancy Act might make module author's liable for not responding to security issues. This is discussed here and here. Thus, until we have clarity on what is needed here, going outside of CPAN should be approached cautiously.
I've started working on a CycloneDX SBOM Parser (json only) which might be part of a longer-term plan to address some of these issues, but I don't have much spare time.
Later versions of this software might even allow us to do this:
$ module download Abandoned::Software # downloads https://cpan.metacpan.org/...Abandoned.tgz and unpacks it $ cd abandoned-software $ module --request comaint
Adopting modules, requesting comaint, deprecating your own modules, and so on, could be "one-stop shopping," without ever visiting PAUSE.
At a minimum, the software should allow:
- Creating a new module shell
- Building all necessary metadata files
- Releasing the module
For this to go into core, stripping out all non-core dependencies would likely be needed.