Command-line scanner that looks for known vulnerable JavaScript files and Node modules in web projects and/or Node projects.

Install
-------

    npm install -g retire


Usage
-----

````
Usage: retire [options]

Options:

  -h, --help               output usage information
  -V, --version            output the version number

  -p, --package            limit node scan to packages where parent is a dependency mentioned in package.json (ignore node_modules and devDependencies)
  -n, --node               Run node dependency scan only
  -j, --js                 Run scan of JavaScript files only
  -v, --verbose            Show identified files (by default only vulnerable files are shown)
  -x, --dropexternal       Don't include project provided vulnerability repository
  -c, --nocache            Don't use local cache

  --jspath <path>          Folder to scan for javascript files
  --nodepath <path>        Folder to scan for node files
  --path <path>            Folder to scan for both
  --jsrepo <path|url>      Local or internal version of repo
  --noderepo <path|url>    Local or internal version of repo
  --proxy <url>            Proxy url (http://some.server:8080)
  --outputformat <format>  Valid formats: text, json
  --outputpath <path>      File to which output should be written
  --ignore <paths>         Comma delimited list of paths to ignore
  --ignorefile <path>      Custom .retireignore file, defaults to .retireignore
  --severity <level>       Specify the bug severity level from which the process fails. Allowed levels none, low, medium, high, critical. Default: none
  --exitwith <code>        Custom exit code (default: 13) when vulnerabilities are found
````

.retireignore
-------------
````
@qs # ignore this module regardless of location
node_modules/connect/node_modules/body-parser/node_modules/qs # ignore specific path
````
Due to a bug in ignore resolution, please upgrade to >= 1.1.3.

.retireignore.json
------------------
````
[
  {
    "component": "jquery",
    "identifiers": { "issue": "2432" },
    "justification": "We don't call external resources with jQuery"
  },
  {
    "component": "jquery",
    "version": "2.1.4",
    "justification": "We don't call external resources with jQuery"
  },
  {
    "path": "node_modules",
    "justification": "The node modules are only used for building - client side dependencies are using bower"
  }
]
````
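
A review check for the `.retireignore.json` format shown above, as an added example that is not part of retire.js: it flags suppressions that lack a justification or that are not narrowed by `version` or `identifiers`. The function name, the rule names and the review policy are assumptions of this example, not retire's own behaviour.

```javascript
// Added example, not part of retire.js: a review policy for .retireignore.json.
// Field names come from the README sample; the rules are this example's assumptions.
function auditRetireIgnore(jsonText) {
  const entries = JSON.parse(jsonText);
  if (!Array.isArray(entries)) {
    throw new TypeError('.retireignore.json must be a JSON array');
  }
  const findings = [];
  entries.forEach((entry, index) => {
    const flag = (rule, detail) => findings.push({ index, rule, detail });
    if (entry === null || typeof entry !== 'object') {
      flag('not-an-object', 'entry must be a JSON object');
      return;
    }
    const reason = typeof entry.justification === 'string' ? entry.justification.trim() : '';
    if (reason === '') {
      flag('missing-justification', 'every suppression needs a recorded reason');
    }
    const hasComponent = typeof entry.component === 'string' && entry.component !== '';
    const hasPath = typeof entry.path === 'string' && entry.path !== '';
    if (!hasComponent && !hasPath) {
      flag('no-scope', 'entry names neither a component nor a path');
      return;
    }
    const ids = entry.identifiers;
    const hasIds = ids !== null && typeof ids === 'object' && Object.keys(ids).length > 0;
    if (hasComponent && !entry.version && !hasIds) {
      flag('unpinned-component', `${entry.component} has no version or identifiers`);
    }
    if (hasPath && !hasComponent) {
      flag('path-wide', `everything under ${entry.path} is excluded`);
    }
  });
  return findings;
}

// Constructed sample: entries 0-2 follow the README, entries 3-4 are deliberately weak.
const SAMPLE = JSON.stringify([
  { component: 'jquery', identifiers: { issue: '2432' }, justification: "We don't call external resources with jQuery" },
  { component: 'jquery', version: '2.1.4', justification: "We don't call external resources with jQuery" },
  { path: 'node_modules', justification: 'Build-time only' },
  { component: 'angular' },
  { justification: '   ' }
]);

for (const f of auditRetireIgnore(SAMPLE)) {
  console.log(`entry ${f.index}: ${f.rule} (${f.detail})`);
}
```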

Source code / Reporting an issue
--------------------------------
The source code and issue tracker can be found at [https://github.com/RetireJS/retire.js](https://github.com/RetireJS/retire.js)