/ 
Mite-v0.0.2
River stage zero No dependents
⭐ Starred 4 GitHub stars
/ Mite::ModuleBuild
Security Advisories (1)
CVE-2025-30672 (2025-04-01)

Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.

NAME

Mite::ModuleBuild - Use in your Build.PL when developing with Mite

SYNOPSIS

# In Build.PL
use Module::Build;
my $class = eval { require Mite::ModuleBuild } || 'Module::Build';

my $build = $class->new(
    ...as normal...
);
$build->create_build_script;

DESCRIPTION

If your module is being developed with Module::Build, this module makes working with Mite more natural.

Be sure to require this in an eval block so users can install your module without mite. require will return the name of the class.

./Build

When ./Build is run, mite will compile any changes.

./Build clean

When ./Build clean is run, mite files will be cleaned up as well.

./Build manifest

Be sure to run this after running ./Build and before running ./Build dist so all the mite files are picked up.

MANIFEST.SKIP

The .mite directory should not be shipped with your distribution. Add ^\.mite/ to your MANIFEST.SKIP file.