Add Retire.js · FGRibreau/check-build#10

2014-11-11T13:27:15.000Z

It seems to me that [Retire](http://bekk.github.io/retire.js/) follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build. ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/5915660-add-retire-js?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github).

(2 comments) (0 reactions) (0 assignees)JavaScript (695 stars) (33 forks)batch import

enhancementhelp wanted

Description

It seems to me that Retire follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Contributor guide

Tech stack: nodejsjavascript
Domain: securitydeveloper experience
Issue type: feature
Difficulty: 3
Estimated time: 1-2 days
Activity status: stale
Clarity: needs investigation
Prerequisites: Node.js developmentfamiliarity with check buildbasic understanding of vulnerability scanning
Newbie friendliness: 20
Research direction: The issue proposes adding Retire.js to check build for vulnerability detection, but it's unclear if Retire.js offers a different approach than existing checks. Investigate Retire.js (http://bekk.github.io/retire.js/) and compare with current Nsp integration. Review check build's architecture in its source code (likely in lib/ or src/ folders). Since the issue is old and unresolved, the maintainer may not have confirmed the need; reach out in the issue comments to clarify the scope and acceptance criteria before proceeding.