Take control of open source security—discover ActiveState’s new management platform!

Perl Package Management Guide for Enterprise Developers

Share
Perl package management continues to evolve, but traditional Perl package managers are slow to catch up. Perl developers working in enterprises must deal with the consequences, including:
 
  • Poor Environment Reproducibility – slightly different configurations across environments result in “works on my machine” issues and time wasted reproducing bugs, delaying time to market.
  • Choosing the Right Packages/ Versions – how can you be sure you are always choosing the correct, approved open source components and versions required by your organization?
  • Supply Chain Security – installing unsigned binaries with package managers is convenient but risky. On the other hand, building packages from source for multiple operating systems is painful, especially if they require linked C libraries.
  • Finding & Fixing Vulnerabilities – investigating vulnerabilities, patching/updating components and rebuilding environments are time and resource-intensive, leaving less time for coding.

If you wrestle with any of these issues, this white paper is for you. It explains how adopting the ActiveState Platform will help you resolve these issues allowing you to spend more time coding and less time managing packages and environments. All of which means you’re more likely to complete your sprint deliverables on time!

For more than 20 years, the Perl ecosystem has featured a command line tool called CPAN, which was distributed with the Perl core and provided a functional way to download and install CPAN packages and their dependencies within the cpan shell. CPANPLUS was later introduced in the Perl core as an ambitious, full-featured alternative to CPAN starting with Perl 5.10.0, but never achieved its lofty goals and was subsequently removed in v5.20.0. Today, the most widely recommended package management tool is a third party module called cpanminus, which is a “zero configuration” tool that doesn’t require a separate shell like CPAN. 

Dependency management functionality is provided by numerous third-party libraries, such as carton, which tracks Perl module dependencies in order to ensure your project can be packaged for deployment in a consistent way. Environment management is addressed by virtual environment creation and management tools like plenv and perlbrew (or berrybrew on Windows OS).

There are a number of alternative package managers available from other ecosystems, as well, such as apt and yum for Linux distributions. Linux package management tools are capable of managing packages and environments, as well as resolving dependencies. However, they do not natively support virtual environments, so you’ll have to rely on one of the solutions listed above.

Given the strengths and weaknesses of traditional package managers, seasoned Perl developers often gravitate to their favourite sets of tools to help manage their environments and dependencies. However, when it comes to issues like dependency conflicts, fixing vulnerabilities, or troubleshooting “works on my machine” issues, today’s package managers leave developers to manually implement their own workarounds.

The white paper discusses a mix of traditional and evolving use cases that are either not addressed, or else poorly addressed by traditional package management solutions. The ActiveState Platform has been specifically designed to address these gaps.

  • Dependency Resolution & Conflicts
  • Supply Chain Security
  • Environment Reproducibility
  • Choosing the Right Packages
  • Finding and Fixing Vulnerabilities

download Perl package management white paper

Once you download the white paper, you can explore how enterprise developers can benefit from: 

  • Consistent, reproducible Perl environments that can be deployed to all systems with a single command.
  • Automated installation of virtual Perl environments on Windows or Linux without requiring prior setup.
  • The ability to find, fix and automatically rebuild vulnerable environments, thereby enhancing security and dramatically reducing time and effort involved in resolving CVEs.
  • Visually seeing which versions of which packages are approved for use, thereby taking the guesswork out of development.

Those that prefer to work from the command line can leverage the ActiveState Platform’s CLI, the State Tool, which acts as a universal package manager for Perl and Python, and provides access to most of the features offered by the Platform.


Ultimately, developers that are willing to adopt the ActiveState Platform will spend less time wrestling with Perl package management tooling and more time focused on doing what they do best: coding.

To try the ActiveState Platform for yourself, on Windows, macOS or Linux, create a free account here.

Or install our Perl 5.32 powered by the ActiveState Platform via command line for Windows or Linux (Command Prompt on Windows)

Running the above command will install our CLI, the State Tool. Use this CLI Cheatsheet to start installing Perl packages with the State Tool.

At ActiveState, we use the Platform to build not only our popular open source language distributions, but also custom runtimes for our enterprise clients (i.e. builds containing just the language and packages their project requires). Contact Sales to get a free demo and understand how it can support your enterprise’s open source needs.



Download Whitepaper

modern perl package management
Scroll to Top