NAME
Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion - Prohibit version values from outside the module.
AFFILIATION
This Policy is part of the core Perl::Critic distribution.
DESCRIPTION
One tempting way to keep a group of related modules at the same version number is to have all of them import the version number from a designated module. For example, module Foo::Master
could be the version master for the Foo
package, and all other modules could use its $VERSION
by
use Foo::Master; our $VERSION = $Foo::Master::VERSION;
This turns out not to be a good idea, because all sorts of unintended things can happen - anything from unintended version number changes to denial-of-service attacks (since Foo::Master
is executed by the 'use').
This policy examines statements that assign to $VERSION
, and declares a violation under two circumstances: first, if that statement uses a fully-qualified symbol that did not originate in a package declared in the file; second if there is a use
statement on the same line that makes the assignment.
By default, an exception is made for use version;
because of its recommendation by Perl Best Practices. See the forbid_use_version
configuration variable if you do not want an exception made for use version;
.
CONFIGURATION
The construction
use version; our $VERSION = qv('1.2.3');
is exempt from this policy by default, because it is recommended by Perl Best Practices. Should you wish to identify use version;
as a violation, add the following to your perlcriticrc file:
[ValuesAndExpressions::ProhibitComplexVersion]
forbid_use_version = 1
CAVEATS
This code assumes that the hallmark of a violation is a 'use' on the same line as the $VERSION
assignment, because that is the way to have it seen by ExtUtils::MakeMaker->parse_version(). Other ways to get a version value from outside the module can be imagined, and this policy is currently oblivious to them.
AUTHOR
Thomas R. Wyant, III wyant at cpan dot org
COPYRIGHT
Copyright (c) 2009-2023 Tom Wyant
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license can be found in the LICENSE file included with this module.