v5.26 removes dot from @INC

As of v5.26, the . in @INC is gone by default. When you compile perl, it bakes the default module search path (based on your configure settings) into the binary. These are the paths that perl searches without you adding to @INC with command-line switches or environment variables, and the paths you see when you run perl -V:

$ perl -V
... lots of other output ...

Since that . is not a directory you know about until use or require starts to do their work and someone might fool your program into being in the wrong directory, that can lead to you loading a module you don’t want or expect. I write more about that in Perl v5.26 removes . from @INC, but don’t think you’re safe! on my Mastering Perl blog. Consider the Storable security problem, for instance.

If you really, really want to find modules in the current working directory as the last place to look, you can compile your perl with -Ddefault_inc_excludes_dot not set and the PERL_USE_UNSAFE_INC environment variable set to 1 (exactly, not just true). But, this is a kludge to make a newly-compiled perl work like the old ones. If you intend to keep looking in the current working directory for your libraries, you should include it through the normal library manipulation practices, such as use lib and FindBin.

Leave a comment


Leave a Reply

[ Ctrl + Enter ]