Skip to content
forked from RetireJS/retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilites

Notifications You must be signed in to change notification settings

tdm00/retire.js

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

94 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Retire.js

What you require you must also retire

There is a pletora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay update on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.

Retire.js has two parts:

  1. A command line scanner
  2. A Chrome extension
  3. A grunt plugin

Command line scanner

Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules.

Chrome extension

Scans visisted sites for references to insecure libraries, and puts warnings in the developer console. A icon on the address bar displays will also indicated if vulnerable libraries were loaded.

About

scanner detecting the use of JavaScript libraries with known vulnerabilites

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 97.9%
  • Shell 1.9%
  • Python 0.2%