Popularity

5.6

Stable

Activity

8.9

Growing

Stars 3,503

Watchers 87

Forks 411

Last Commit 11 days ago

Description

There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development,but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.

Programming language: JavaScript

License: GNU General Public License v3.0 or later

Tags: Security Vulnerabilities Automation

Latest version: v2.2.1

Retire.js alternatives and similar libraries

Based on the "Security" category.
Alternatively, view Retire.js alternatives based on common mentions on social networks and blogs.

DOMPurify

8.1 8.5 L2 Retire.js VS DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
SuperTokens Community

7.8 9.4 Retire.js VS SuperTokens Community

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App

With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

Promo surveyjs.io

js-xss

6.4 4.8 Retire.js VS js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
sanitize-html

5.6 7.6 Retire.js VS sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Themis by Cossack Labs

4.2 5.9 L3 Retire.js VS Themis by Cossack Labs

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
xss-filters

3.4 0.0 L4 Retire.js VS xss-filters

Secure XSS Filters by Yahoo
cidaas SDK for JS

0.6 9.2 Retire.js VS cidaas SDK for JS

With this SDK, you can integrate cidaas smoothly and with minimal effort into your javascript application. It enables you to map the most important user flows for OAuth2 and OIDC compliant authentication. Secure – Fast – And unrivaled Swabian.
data-guardian 🔒

0.5 7.9 Retire.js VS data-guardian 🔒

Tiny, zero-dependencies, package which tries to mask sensitive data in arbitrary collections (map, set), errors, objects and strings.

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of Retire.js or a related project?

Add another 'Security' Library

Popular Comparisons

README

Retire.js

What you require you must also retire

Retire.js can be used in many ways:

Command line scanner

Scan a web app or node app for use of vulnerable JavaScript libraries and/or Node.JS modules. If you haven't already, you need to install node/npm first. In the source code folder of the application folder run:

$ npm install -g retire
$ retire

Grunt plugin

A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.

Gulp task

An example of a Gulp task which can be used in your gulpfile to watch and scan your project files automatically. You can modify the watch patterns and (optional) Retire.js options as you like.

const c = require('ansi-colors');

var gulp = require('gulp');
var beeper = require('beeper');
var log = require('fancy-log');
var spawn = require('child_process').spawn;

gulp.task('retire:watch', ['retire'], function (done) {
    // Watch all javascript files and package.json
    gulp.watch(['js/**/*.js', 'package.json'], ['retire']);
});

gulp.task('retire', function() {
    // Spawn Retire.js as a child process
    // You can optionally add option parameters to the second argument (array)
    var child = spawn('retire', [], {cwd: process.cwd()});

    child.stdout.setEncoding('utf8');
    child.stdout.on('data', function (data) {
        log(data);
    });

    child.stderr.setEncoding('utf8');
    child.stderr.on('data', function (data) {
        log(c.red(data));
        beeper();
    });
});

Chrome and firefox extensions

Scans visited sites for references to insecure libraries, and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded.

Burp Extension and OWASP ZAP Add-on

@h3xstream has adapted Retire.js as a plugin for the penetration testing tools Burp and OWASP ZAP.

The OWASP ZAP team officially supports a Retire.js add-on which is available via the ZAP Marketplace and is included by default in the ZAP weekly releases: https://www.zaproxy.org/docs/desktop/addons/retire.js/

Donate

Donations will be used to fund the maintainance of the tool and vulnerability repo.

Retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Description

Retire.js alternatives and similar libraries

Popular Comparisons

README

Retire.js

What you require you must also retire

Command line scanner

Grunt plugin

Gulp task

Chrome and firefox extensions

Burp Extension and OWASP ZAP Add-on

Donate