retire
« Back to VersTracker
Description:
Scanner detecting the use of JavaScript libraries with known vulnerabilities
Type: Formula  |  Latest Version: 5.4.0@0  |  Tracked Since: Dec 24, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security javascript vulnerability-scanner devsecops nodejs
Install: brew install retire
About:
Retire.js is a security scanner that identifies the use of JavaScript libraries with known vulnerabilities within your projects. It analyzes both client-side and server-side code, checking library versions against a comprehensive database of security advisories. This tool helps developers proactively mitigate security risks by flagging outdated or vulnerable dependencies.
Key Features:
  • Scans JavaScript files and Node.js projects for vulnerable library versions
  • Supports multiple sources for vulnerability data including Retire.js's own repository and NVD
  • Integrates with build pipelines (Grunt, Gulp, Webpack) and CI/CD workflows
  • Provides command-line scanning and browser extension for client-side analysis
Use Cases:
  • Auditing existing projects for known security vulnerabilities
  • Integrating security checks into CI/CD pipelines
  • Monitoring third-party scripts on websites for vulnerabilities
Alternatives:
  • npm audit – Native to the Node.js ecosystem, focuses specifically on npm dependencies, whereas Retire.js is broader and can scan frontend assets.
  • OWASP Dependency-Check – A more general-purpose dependency checker for multiple languages, often considered heavier than Retire.js for JS-only projects.
Version History
Detected Version Rev Change Commit
Dec 24, 2025 9:55pm 5.4.0 0 VERSION_BUMP b6a59e1b
Oct 30, 2024 10:09am 0 VERSION_BUMP bf62fd1b
Oct 30, 2024 9:48am 0 VERSION_BUMP 6fef99ce
Sep 26, 2024 9:52am 0 VERSION_BUMP 1cc90834
« Back to VersTracker  |  Browse Packages  |  About