Mapping of modules to distributions is naive and wrong #9
Description
Currently the code seems to assume the module names that are depended on (e.g. Test::CVE) map 1-on-1 with distribution names (e.g. Test-CVe). This is not a safe assumption, most commonly not because a distribution may contain multiple modules.
To map this correctly, one needs the cpan database (02packages or an online equivalent such as metacpan) to do a lookup instead of simply substituting :: with -.