GitHunt
SH

shaunwarman/retire-scanner

A bit of a ~hack~ wrapper around retire.js for programmatic use

retire-scanner

A retire.js wrapper for programmatic use.

Install

npm i -S retire-scanner

Use

const Scanner = require('retire-scanner');

(async () => {
  const scanner = new Scanner({ path: 'public' });
  const result = await scanner.scan();
  console.log(result);
})();

// { 
//  base64url: [ { severity: 'high', summary: 'Out-of-bounds Read' } ],
//  hoek:
//    [ { severity: 'low', summary: 'Prototype pollution attack' } ],
//  lodash:
//    [ { severity: 'low', summary: 'Prototype pollution attack' },
//      { severity: 'low', summary: 'Prototype pollution attack' } ]
// }

Debug

Run the scanner in debug mode by prefixing DEBUG=retire to your node startup command. (e.g. DEBUG=retire node scanner.js).

Requirements

retire.js binary needs to be globally installed and present.

Install retire.js with npm i -g retire.js.

Languages

JavaScript100.0%
Created March 14, 2019
Updated March 27, 2024
shaunwarman/retire-scanner | GitHunt