There are plenty of JavaScript libraries available on the web and Node.js applications out there. Statistics show that nearly eighty percent code in a typical modern web application comes from third party libraries. A web application is therefore also vulnerable to the vulnerabilities of third party libraries that it uses. It is very critical for a web application to stay up-to-date with security fixes of these third party libraries. Retire.js is an open-source tool that scans a website and generates alerts about the vulnerable versions of JavaScript libraries used by it. ZAP is a very popular, open source web penetration testing tool. This project involves writing a Retire.js add-on for ZAP.

• Retire.js author Erlend Oftedal.
• ZAP and Mozilla community OWASP ZAP.