Add Retire.js · FGRibreau/check-build#10

2014-11-11T13:27:15.000Z

It seems to me that [Retire](http://bekk.github.io/retire.js/) follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build. ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/5915660-add-retire-js?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F7304231&utm_medium=issues&utm_source=github).

(2 评论) (0 反应) (0 负责人)JavaScript (695 star) (33 fork)batch import

enhancementhelp wanted

描述

It seems to me that Retire follows a different approach to identifying modules with vulnerabilities than Nsp does. If this is confirmed, I would support the inclusion of Retire to check-build.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

贡献者指南

技术栈: nodejsjavascript
领域: securitydeveloper experience
议题类型: feature
难度: 3
预计时间: 1-2 days
活动状态: stale
清晰度: needs investigation
前置要求: Node.js developmentfamiliarity with check buildbasic understanding of vulnerability scanning
新手友好度: 20
研究方向: The issue proposes adding Retire.js to check build for vulnerability detection, but it's unclear if Retire.js offers a different approach than existing checks. Investigate Retire.js (http://bekk.github.io/retire.js/) and compare with current Nsp integration. Review check build's architecture in its source code (likely in lib/ or src/ folders). Since the issue is old and unresolved, the maintainer may not have confirmed the need; reach out in the issue comments to clarify the scope and acceptance criteria before proceeding.