Your Brand Here — Reach a focused audience of ethical hackers and security researchers

Retire.js

A scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

ReconScanner

Visit Retire.js

Use this tool only on systems you own or have explicit permission to test.

What you require you must also retire

There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development,but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks and insecure libraries can pose a huge risk to your Web app.
The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities.

Retire.js can be used in many ways:

As command line scanner
As a grunt plugin
As a gulp task
As a Chrome extension - Not officially available in the Chrome web store
As a Firefox extension - Deprecated Let us know if you want to maintain and undeprecate it.
As a Burp Extension or OWASP ZAP Add-on

Recommended Blogs

Duplicate Registration - The Twinning Twins

Duplicate Registration - The Twinning Twins

Jerry Shah

Feb 8, 2021

RCE via Apache Struts2 - Still out there

RCE via Apache Struts2 - Still out there

Abhishek

Feb 27, 2020

$500 BAC Bug - Unauthorized Removal of Private Pension Schemes

$500 BAC Bug - Unauthorized Removal of Private Pension Schemes

Abhi Sharma

Oct 11, 2025