There is a plethora of JavaScript libraries for use on the Web and in Node.js apps. This greatly simplifies development, but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10, and insecure libraries can pose a huge risk for your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.
Retire.js has four parts:
Scans a web app or Node.js app for use of vulnerable JavaScript libraries and/or Node.js modules.
Scans visited sites for references to insecure libraries, and puts warnings in the developer console. An icon on the address bar will also indicate if vulnerable libraries were loaded.
A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.
@h3xstream has adapted Retire.js as a plugin for the penetration testing tools Burp and OWASP ZAP. An alternative OWASP ZAP plugin exists at https://github.com/nikmmy/retire/
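The kind of check the scanner and the browser extension perform, reduced to a sketch: identify a library and version from a script reference, then test it against known-vulnerable version ranges. This is an added example, not Retire.js's own code or data; the library names, advisory ids, ranges and URLs are constructed, and matching on file names alone is an assumption made to keep it short.

```javascript
// Constructed advisory data: hypothetical libraries and placeholder ids.
const ADVISORIES = {
  examplelib: [
    { atOrAbove: "1.0.0", below: "1.4.2", id: "EXAMPLE-ADVISORY-1" },
    { atOrAbove: "2.0.0", below: "2.1.0", id: "EXAMPLE-ADVISORY-2" },
  ],
  widgetkit: [{ below: "3.0.1", id: "EXAMPLE-ADVISORY-3" }],
};

// Compare dotted versions numerically, so 1.10.0 > 1.4.2 (a string compare gets this wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0); // missing parts count as 0
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Extract name and version from references such as /js/examplelib-1.4.1.min.js?v=3
function identify(url) {
  const file = url.split(/[?#]/)[0].split("/").pop();
  const m = /^([a-z][a-z0-9_]*?)[-.](\d+(?:\.\d+)*)(?:\.min)?\.js$/i.exec(file);
  return m ? { name: m[1].toLowerCase(), version: m[2] } : null;
}

function scan(urls) {
  const findings = [];
  for (const url of urls) {
    const lib = identify(url);
    if (!lib) continue; // no version in the file name: this sketch cannot judge it
    for (const adv of ADVISORIES[lib.name] || []) {
      const lowOk = !adv.atOrAbove || compareVersions(lib.version, adv.atOrAbove) >= 0;
      if (lowOk && compareVersions(lib.version, adv.below) < 0) {
        findings.push({ url, name: lib.name, version: lib.version, advisory: adv.id });
      }
    }
  }
  return findings;
}

const SAMPLE_URLS = [ // constructed script references
  "https://cdn.example/js/examplelib-1.4.1.min.js", // inside the first range
  "https://cdn.example/js/examplelib-1.10.0.js",    // newer than 1.4.2
  "https://cdn.example/js/examplelib-2.1.0.min.js", // exactly the fixed version
  "/static/widgetkit.2.9.js?v=7",                   // below 3.0.1
  "/static/app.js",                                 // unversioned
];
console.log(scan(SAMPLE_URLS));
```

Unversioned references such as `app.js` pass through silently here, which is why file-name matching alone is not enough for a real scan.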