Erlend Oftedal

This is a great idea! I like the following solution. package.json can include "retire" : "<some uri to the projects retire.json>" When scanning the dependencies, we can then look for...

Hi @gersongoulart Here's how I see it: 1. For node modules, Retire.js would look for a "retire" element within package.json. If this element exists, it contains a URI to an...

This might be related to windows file paths using \ instead of /. I haven’t spent much time trying to make it work on windows.

Hmm.. Seems this will require quite a bit of work, as they have removed the background.page in V3...

Thanks. Unfortunately the source code doesn't have any version indicators in them, so this is a bit of a tough one...

@davewichers They seems to have disabled the issue tracker on that project...

I see how this could be useful. In your example though, if you're not at all worried about that library, you could just go with this I think: ``` {...

@gbena Does the file actually contain jquery-migrate? Any chance you could share the file?

Did you by any chance include -v in your orignal command? Because -v will also make it list all _detected_ libraries, not just the ones with vulnerabilities.

From the output above, it didnt say that it has known vulnerabilities. It just said it identified it.