RetireJS / Retire.js

Licence: other
scanner detecting the use of JavaScript libraries with known vulnerabilities

Programming Languages

javascript
184084 projects - #8 most used programming language
shell
77523 projects

Projects that are alternatives of or similar to Retire.js

Floccus
☁️ Sync your bookmarks privately across browsers
Stars: ✭ 2,630 (-9.59%)
Mutual labels:  chrome-extension, firefox-extension
Archiveror
Archiveror will help you preserve the webpages you love. 💾
Stars: ✭ 246 (-91.54%)
Mutual labels:  chrome-extension, firefox-extension
React Extension Boilerplate
🚀 Modern React boilerplate for Firefox and Chrome extensions.
Stars: ✭ 177 (-93.92%)
Mutual labels:  chrome-extension, firefox-extension
Devo
A Chrome and Firefox extension that displays GitHub Trending, Hacker News, Product Hunt and Designer News on every new tab.
Stars: ✭ 236 (-91.89%)
Mutual labels:  chrome-extension, firefox-extension
Ghosttext
👻 Use your text editor to write in your browser. Everything you type in the editor will be instantly updated in the browser (and vice versa).
Stars: ✭ 2,614 (-10.14%)
Mutual labels:  chrome-extension, firefox-extension
Tako
Tako replaces the default Github repository file list with an expandable file tree and file preview for rapid exploration of repositories.
Stars: ✭ 172 (-94.09%)
Mutual labels:  chrome-extension, firefox-extension
Grasp
A reliable org-capture browser extension for Chrome/Firefox
Stars: ✭ 193 (-93.37%)
Mutual labels:  chrome-extension, firefox-extension
Browser Extension Json Discovery
Browser (Chrome, Firefox) extension for JSON discovery
Stars: ✭ 157 (-94.6%)
Mutual labels:  chrome-extension, firefox-extension
Generator Web Extension
Advanced WebExtension generator that creates everything you need to get started with cross-browser web-extension development.
Stars: ✭ 212 (-92.71%)
Mutual labels:  chrome-extension, firefox-extension
Smartproxy
Firefox/Chrome browser extension. SmartProxy will automatically enable/disable proxy for the sites you visit, based on customizable patterns.
Stars: ✭ 199 (-93.16%)
Mutual labels:  chrome-extension, firefox-extension
Sponsorblock
Skip YouTube video sponsors (browser extension)
Stars: ✭ 3,627 (+24.68%)
Mutual labels:  chrome-extension, firefox-extension
Browserextension
💻 SteamDB's extension for Steam websites
Stars: ✭ 230 (-92.09%)
Mutual labels:  chrome-extension, firefox-extension
Spotify Lyrics
🎉 Desktop Spotify Web Player Instant Synchronised Lyrics
Stars: ✭ 162 (-94.43%)
Mutual labels:  chrome-extension, firefox-extension
Github Mermaid Extension
A browser extension for Chrome, Opera & Firefox that adds Mermaid language support to Github
Stars: ✭ 170 (-94.16%)
Mutual labels:  chrome-extension, firefox-extension
Absolutedoubletrace
A web extension to block browser fingerprinting
Stars: ✭ 156 (-94.64%)
Mutual labels:  chrome-extension, firefox-extension
Privacybadger
Privacy Badger is a browser extension that automatically learns to block invisible trackers.
Stars: ✭ 2,346 (-19.35%)
Mutual labels:  chrome-extension, firefox-extension
Slader Extension
Bypass Slader's 5 solutions limit per month to college books and remove the paywall about how many solutions left
Stars: ✭ 131 (-95.5%)
Mutual labels:  chrome-extension, firefox-extension
Disable Javascript
Adds the ability to disable JavaScript on specific sites.
Stars: ✭ 151 (-94.81%)
Mutual labels:  chrome-extension, firefox-extension
Oldschool Github Extension
Revert GitHub's UI back to its classic look (before the June 23, 2020 update that has a flat, rounded and more whitespaced design).
Stars: ✭ 200 (-93.12%)
Mutual labels:  chrome-extension, firefox-extension
Bypass Paywalls Chrome
Bypass Paywalls web browser extension for Chrome and Firefox.
Stars: ✭ 20,876 (+617.63%)
Mutual labels:  chrome-extension, firefox-extension

Retire.js

What you require you must also retire

There is a plethora of JavaScript libraries for use on the Web and in Node.js apps. This greatly simplifies development, but we need to stay up to date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks, and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.

Retire.js can be used in many ways:

  1. As a command line scanner
  2. As a grunt plugin
  3. As a gulp task
  4. As a Chrome extension
  5. As a Firefox extension
  6. As a Burp Extension or OWASP ZAP Add-on

Command line scanner

Scan a web app or Node app for use of vulnerable JavaScript libraries and/or Node.js modules. If you haven't already, you need to install node/npm first. In the source code folder of the application, run:

$ npm install -g retire
$ retire

Grunt plugin

A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.

Gulp task

An example of a Gulp task which can be used in your gulpfile to watch and scan your project files automatically. You can modify the watch patterns and (optional) Retire.js options as you like.

const c = require('ansi-colors');

var gulp = require('gulp');
var beeper = require('beeper');
var log = require('fancy-log');
var spawn = require('child_process').spawn;

gulp.task('retire:watch', ['retire'], function (done) {
    // Watch all javascript files and package.json
    gulp.watch(['js/**/*.js', 'package.json'], ['retire']);
});

gulp.task('retire', function() {
    // Spawn Retire.js as a child process
    // You can optionally add option parameters to the second argument (array)
    var child = spawn('retire', [], {cwd: process.cwd()});
    
    child.stdout.setEncoding('utf8');
    child.stdout.on('data', function (data) {
        log(data);
    });

    child.stderr.setEncoding('utf8');
    child.stderr.on('data', function (data) {
        log(c.red(data));
        beeper();
    });
});

Chrome and Firefox extensions

Scans visited sites for references to insecure libraries, and puts warnings in the developer console. An icon on the address bar will also indicate if vulnerable libraries were loaded.
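
An added example, not part of Retire.js or of this page: a simplified sketch of the kind of check described above, which takes the script URLs a page references, extracts a library name and version from each, and tests the version against advisory ranges. The library `examplelib`, its advisory ranges, the URLs and all function names are constructed for illustration.

```javascript
// Constructed advisory ranges for a hypothetical library "examplelib" (not real data).
const ADVISORIES = new Map([['examplelib', [
  { atOrAbove: '1.0.0', below: '1.4.2', info: 'constructed advisory A' },
  { atOrAbove: '2.0.0', below: '2.1.0', info: 'constructed advisory B' },
]]]);
// Constructed script URLs, as a page might reference them.
const SAMPLE_URLS = [
  'https://static.example.test/js/examplelib-1.3.0.min.js',
  'https://static.example.test/js/examplelib-2.0.5.js',
  'https://static.example.test/js/examplelib-1.4.2-rc.1.js',
  'https://static.example.test/js/examplelib-1.4.2.js',
  'https://static.example.test/js/examplelib.min.js',
];

// Captures (name, version) from file names such as /js/examplelib-1.3.0.min.js
const URL_PATTERN =
  /\/([a-z][a-z0-9.-]*?)[-.]v?(\d+(?:\.\d+)+(?:-[0-9a-z.]+?)?)(?:\.min)?\.js(?:[?#]|$)/i;

function detectLibrary(url) {
  const m = URL_PATTERN.exec(url);
  // No version visible in the URL means "unknown", which is not the same as safe.
  return m ? { name: m[1].toLowerCase(), version: m[2] } : null;
}

// Returns -1, 0 or 1; a pre-release (1.4.2-rc.1) sorts before its release (1.4.2).
function compareVersions(a, b) {
  const [coreA, preA] = a.split('-', 2);
  const [coreB, preB] = b.split('-', 2);
  const pa = coreA.split('.').map(Number);
  const pb = coreB.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return preA && !preB ? -1 : !preA && preB ? 1 : 0;
}

function scanScriptUrls(urls) {
  const findings = [];
  for (const url of urls) {
    const lib = detectLibrary(url);
    for (const adv of (lib && ADVISORIES.get(lib.name)) || []) {
      const hit = compareVersions(lib.version, adv.below) < 0 &&
        compareVersions(lib.version, adv.atOrAbove) >= 0;
      if (hit) findings.push({ url, name: lib.name, version: lib.version, info: adv.info });
    }
  }
  return findings;
}
```

Calling `scanScriptUrls(SAMPLE_URLS)` flags the 1.3.0, 2.0.5 and 1.4.2-rc.1 references; the unversioned `examplelib.min.js` produces no finding because its version cannot be read from the URL, which is why URL matching alone leaves gaps.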

Burp Extension and OWASP ZAP Add-on

@h3xstream has adapted Retire.js as a plugin for the penetration testing tools Burp and OWASP ZAP.

The OWASP ZAP team officially supports a Retire.js add-on which is available via the ZAP Marketplace and is included by default in the ZAP weekly releases: https://www.zaproxy.org/docs/desktop/addons/retire.js/

Donate

Donations will be used to fund the maintenance of the tool and vulnerability repo.
