Retire.js

Retire.js is an open-source JavaScript vulnerability scanner that detects the use of known vulnerable JavaScript libraries and Node.js modules in web applications and projects by scanning JavaScript files, comparing them against a continuously updated vulnerability repository, and identifying components with security flaws referenced in OWASP Top 10 "Using Components with Known Vulnerabilities." The tool integrates into development workflows through command-line interfaces, Grunt/Gulp task runners, browser extensions, Burp Suite plugins, and OWASP ZAP add-ons to provide automated detection of insecure library versions with SBOM generation capabilities, enabling developers and security teams to identify and remediate vulnerable dependencies throughout the software development lifecycle.