retire
Retire is a tool for detecting use of vulnerable libraries
Last updated 9 months ago by eoftedal .
$ cnpm install retire 

Command line scanner looking for use of known vulnerable js files and node modules in web projects and/or node projects.

Install

npm install -g retire

Usage

Usage: retire [options]

Options:

-h, --help              output usage information
-V, --version           output the version number

-p, --package           limit node scan to packages where parent is a dependency mentioned in package.json (ignore node_modules and devDependencies)
-n, --node              Run node dependency scan only
-j, --js                Run scan of JavaScript files only
-v, --verbose           Show identified files (by default only vulnerable files are shown)
-x, --dropexternal      Don't include project provided vulnerability repository
-c, --nocache           Don't use local cache

--jspath <path>         Folder to scan for javascript files
--nodepath <path>       Folder to scan for node files
--path <path>           Folder to scan for both
--jsrepo <path|url>     Local or internal version of repo
--noderepo <path|url>   Local or internal version of repo
--proxy <url>           Proxy url (http://some.server:8080)
--outputformat <format> Valid formats: text, json
--outputpath <path>     File to which output should be written
--ignore <paths>        Comma delimited list of paths to ignore
--ignorefile <path>     Custom .retireignore file, defaults to .retireignore
--severity <level>      Specify the bug severity level from which the process fails. Allowed levels none, low, medium, high, critical. Default: none
--exitwith <code>       Custom exit code (default: 13) when vulnerabilities are found
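
A CI wrapper built from the --severity, --exitwith, --outputformat and --outputpath options above. This is an added example, not code from the retire project. The function names, verdict strings and report path are hypothetical, and it assumes that any exit status other than 0 or the --exitwith value means the scan itself failed.

```javascript
// Added example: run retire as a CI gate that fails closed.
// Flags come from the usage text above; the verdict names, report path
// and function names are choices made for this example.
const VULN_EXIT_CODE = 13; // passed explicitly via --exitwith
const SEVERITIES = ['none', 'low', 'medium', 'high', 'critical'];

function buildRetireArgs({ path, severity, reportPath }) {
  if (!SEVERITIES.includes(severity)) {
    throw new Error(`unsupported --severity value: ${severity}`);
  }
  return [
    '--path', path,
    '--severity', severity,
    '--exitwith', String(VULN_EXIT_CODE),
    '--outputformat', 'json',
    '--outputpath', reportPath,
  ];
}

// Only exit status 0 passes. A status that is neither 0 nor the agreed
// vulnerability code is treated as a failed scan and must not pass.
function interpretResult(result) {
  if (result.error) return 'scan-error'; // e.g. retire is not installed
  if (result.status === 0) return 'pass';
  if (result.status === VULN_EXIT_CODE) return 'vulnerable';
  return 'scan-error'; // crash, rejected flag, or killed by a signal
}

// spawn is injectable so the gate logic can be exercised without retire.
function runGate(options, spawn = require('child_process').spawnSync) {
  const result = spawn('retire', buildRetireArgs(options), { stdio: 'inherit' });
  return interpretResult(result);
}

// In a CI script:
//   const verdict = runGate({ path: '.', severity: 'high', reportPath: 'retire-report.json' });
//   process.exitCode = verdict === 'pass' ? 0 : 1;
```

Keeping the vulnerability exit code distinct from generic failure codes lets the pipeline tell "findings present" apart from "scanner did not run".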

.retireignore

@qs                                                             # ignore this module regardless of location
node_modules/connect/node_modules/body-parser/node_modules/qs   # ignore specific path

Because of a bug in ignore resolution, please upgrade to >= 1.1.3.

.retireignore.json

[
	{ 
		"component": "jquery",
		"identifiers" : { "issue": "2432"},
		"justification" : "We dont call external resources with jQuery"
	},
	{ 
		"component": "jquery",
		"version" : "2.1.4",
		"justification" : "We dont call external resources with jQuery"
	},
	{
		"path" : "node_modules",
		"justification" : "The node modules are only used for building - client side dependencies are using bower"
	}

]
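
A review check for suppression lists in the .retireignore.json format shown above. This is an added example, not part of retire. The rule names are hypothetical, the key list is limited to the keys that appear in the sample, and the findings are prompts for review rather than errors.

```javascript
// Added example: review policy for a .retireignore.json suppression list.
// Keys are the ones in the sample above; rule names are this example's own.
const KNOWN_KEYS = ['component', 'version', 'identifiers', 'path', 'justification'];

function auditRetireIgnore(entries) {
  if (!Array.isArray(entries)) throw new TypeError('expected a JSON array');
  const findings = [];
  entries.forEach((entry, index) => {
    const add = (rule, detail) => findings.push({ index, rule, detail });
    if (entry === null || typeof entry !== 'object' || Array.isArray(entry)) {
      return add('not-an-object', String(entry));
    }
    // A misspelled key (say "justifcation") would otherwise go unnoticed.
    for (const key of Object.keys(entry)) {
      if (!KNOWN_KEYS.includes(key)) add('unknown-key', key);
    }
    const reason = typeof entry.justification === 'string' ? entry.justification.trim() : '';
    if (reason === '') add('no-justification', 'no recorded reason');
    const ids = entry.identifiers;
    const hasIds = ids !== null && typeof ids === 'object' && Object.keys(ids).length > 0;
    if (!entry.component && !entry.path) {
      add('no-selector', 'neither component nor path is set');
    } else if (entry.component && !entry.version && !hasIds) {
      add('broad-component', `not narrowed by version or identifiers: ${entry.component}`);
    }
    if (entry.path && !entry.component) add('path-wide', entry.path);
  });
  return findings;
}

// Constructed input: entries 0 and 2 follow the sample above, entry 1 is
// made up to trigger the checks.
const SAMPLE_IGNORE = [
  { component: 'jquery', identifiers: { issue: '2432' }, justification: 'We dont call external resources with jQuery' },
  { component: 'jquery', justifcation: 'temporary' },
  { path: 'node_modules', justification: 'The node modules are only used for building' },
];

console.log(auditRetireIgnore(SAMPLE_IGNORE));
```

To check a real file, parse it with JSON.parse and pass the resulting array to auditRetireIgnore.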

Source code / Reporting an issue

The source code and issue tracker can be found at https://github.com/RetireJS/retire.js

Current Tags

  • 2.0.0-beta.13                                ...           beta (2 years ago)
  • 2.0.3                                ...           latest (9 months ago)

84 Versions

  • 1.6.3                                ...           9 months ago
  • 2.0.3                                ...           9 months ago
  • 2.0.2                                ...           a year ago
  • 2.0.1                                ...           a year ago
  • 2.0.0                                ...           a year ago
  • 1.6.2                                ...           2 years ago
  • 1.6.1                                ...           2 years ago
  • 2.0.0-beta.13                                ...           2 years ago
  • 2.0.0-beta.11                                ...           2 years ago
  • 2.0.0-beta.10                                ...           2 years ago
  • 2.0.0-beta.8                                ...           2 years ago
  • 2.0.0-beta.7                                ...           2 years ago
  • 2.0.0-beta.5                                ...           2 years ago
  • 2.0.0-beta.4                                ...           2 years ago
  • 2.0.0-beta.3                                ...           2 years ago
  • 1.6.0                                ...           2 years ago
  • 1.5.1                                ...           2 years ago
  • 1.5.0                                ...           2 years ago
  • 2.0.0-beta.2                                ...           2 years ago
  • 2.0.0-beta.1                                ...           2 years ago
  • 1.4.0                                ...           2 years ago
  • 1.3.3                                ...           3 years ago
  • 1.3.2                                ...           3 years ago
  • 1.3.1                                ...           3 years ago
  • 1.2.13                                ...           3 years ago
  • 1.2.12                                ...           3 years ago
  • 1.2.11                                ...           3 years ago
  • 1.2.10                                ...           3 years ago
  • 1.2.9                                ...           3 years ago
  • 1.2.8                                ...           3 years ago
  • 1.2.7                                ...           3 years ago
  • 1.2.6                                ...           3 years ago
  • 1.2.5                                ...           3 years ago
  • 1.2.4                                ...           3 years ago
  • 1.2.3                                ...           3 years ago
  • 1.2.2                                ...           3 years ago
  • 1.2.1                                ...           3 years ago
  • 1.2.0                                ...           3 years ago
  • 1.1.6                                ...           3 years ago
  • 1.1.5                                ...           4 years ago
  • 1.1.4                                ...           4 years ago
  • 1.1.3 [deprecated]           ...           4 years ago
  • 1.1.2                                ...           4 years ago
  • 1.1.1                                ...           5 years ago
  • 1.1.0                                ...           5 years ago
  • 1.0.1                                ...           5 years ago
  • 1.0.0                                ...           5 years ago
  • 0.4.0                                ...           5 years ago
  • 0.3.8                                ...           5 years ago
  • 0.3.7                                ...           5 years ago
  • 0.3.6                                ...           5 years ago
  • 0.3.5                                ...           5 years ago
  • 0.3.4                                ...           5 years ago
  • 0.3.3                                ...           5 years ago
  • 0.3.2                                ...           5 years ago
  • 0.3.1                                ...           5 years ago
  • 0.2.2                                ...           5 years ago
  • 0.2.1                                ...           6 years ago
  • 0.2.0                                ...           6 years ago
  • 0.1.24                                ...           6 years ago
  • 0.1.23                                ...           6 years ago
  • 0.1.22                                ...           6 years ago
  • 0.1.21                                ...           6 years ago
  • 0.1.20                                ...           6 years ago
  • 0.1.19                                ...           6 years ago
  • 0.1.18                                ...           6 years ago
  • 0.1.17                                ...           6 years ago
  • 0.1.16                                ...           6 years ago
  • 0.1.15                                ...           6 years ago
  • 0.1.14                                ...           6 years ago
  • 0.1.13                                ...           6 years ago
  • 0.1.12                                ...           6 years ago
  • 0.1.11                                ...           6 years ago
  • 0.1.10                                ...           6 years ago
  • 0.1.9                                ...           6 years ago
  • 0.1.8                                ...           6 years ago
  • 0.1.7                                ...           6 years ago
  • 0.1.6                                ...           6 years ago
  • 0.1.5                                ...           6 years ago
  • 0.1.4                                ...           6 years ago
  • 0.1.3                                ...           6 years ago
  • 0.1.2                                ...           6 years ago
  • 0.1.1                                ...           6 years ago
  • 0.1.0                                ...           6 years ago