Skip to content

bekk/retire.js

 
 

Repository files navigation

Retire.js

Retire Status

What you require you must also retire

There are a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development, but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.

Retire.js has four parts:

  1. A command line scanner
  2. A Chrome extension
  3. A grunt plugin
  4. Burp and OWASP Zap plugin

Command line scanner

Scan a web app or node app for use of vulnerable JavaScript libraries and/or Node.JS modules.

Chrome extension

Scans visited sites for references to insecure libraries, and puts warnings in the developer console. An icon on the address bar will also indicate if vulnerable libraries were loaded.

Grunt plugin

A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.

Burp and OWASP ZAP plugin

@h3xstream has adapted Retire.js as a plugin for the penetration testing tools Burp and OWASP ZAP. An alternative OWASP ZAP plugin exists at https://github.com/nikmmy/retire/

Releases

No releases published

Packages

No packages published

Languages

  • Roff 68.6%
  • JavaScript 28.8%
  • Shell 1.8%
  • HTML 0.8%