What you require you must also retire
Retire.js can be used in many ways:
- As command line scanner
- As a grunt plugin
- As a gulp task
- As a Chrome extension
- As a Firefox extension
- As a Burp and OWASP Zap plugin
Command line scanner
$ npm install -g retire $ retire
A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.
An example of a Gulp task which can be used in your gulpfile to watch and scan your project files automatically. You can modify the watch patterns and (optional) Retire.js options as you like.
Chrome and firefox extensions
Scans visited sites for references to insecure libraries, and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded.
Burp and OWASP ZAP plugin
The OWASP ZAP team officially supports a Retire.js plugin which is available via the ZAP Marketplace and is included by default in the ZAP weekly releases: https://www.zaproxy.org/docs/desktop/addons/retire.js/
Donations will be used to fund the maintainance of the tool and vulnerability repo.