Add Retire.js · FGRibreau/check-build#10

2014-11-11T13:27:15.000Z

It seems to me that [Retire](http://bekk.github.io/retire.js/) follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build. ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/5915660-add-retire-js?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github).

(2 comments) (0 reactions) (0 assignees)JavaScript (695 stars) (33 forks)batch import

enhancementhelp wanted

説明

It seems to me that Retire follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

コントリビューターガイド

技術スタック: nodejsjavascript
領域: securitydeveloper experience
Issue 種別: feature
難度: 3
推定時間: 1-2 days
活動状況: stale
明確さ: needs investigation
前提条件: Node.js developmentfamiliarity with check buildbasic understanding of vulnerability scanning
初心者向け度: 20
調査方針: The issue proposes adding Retire.js to check build for vulnerability detection, but it's unclear if Retire.js offers a different approach than existing checks. Investigate Retire.js (http://bekk.github.io/retire.js/) and compare with current Nsp integration. Review check build's architecture in its source code (likely in lib/ or src/ folders). Since the issue is old and unresolved, the maintainer may not have confirmed the need; reach out in the issue comments to clarify the scope and acceptance criteria before proceeding.