There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay update on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect use of version with known vulnerabilities.
Retire.js has these parts:
- A command line scanner
- A grunt plugin
- A Chrome extension
- A Firefox extension
- Burp and ZAP plugin
Command line scanner
Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules.
Grunt plugin
grunt-retire scans your grunt enabled app for use of vulnerable JavaScript libraries and/or node modules.
Chrome and Firefox extensions
Scans visited sites for references to insecure libraries, and puts warnings in the developer console. A icon on the address bar displays will also indicated if vulnerable libraries were loaded.
Burp and ZAP plugins
Retire.js has been adapted as a plugin for Burp Suite and as an add-on for ZAP.
Vulnerabilities
These are the vulnerabilities currently detected by Retire.jsJavaScript libraries
Library | From version | Up to version | Links |
---|
Node packages
Library | From version | Up to version | Links |
---|