Similar to Dependency Check or Bundler-Audit, Retire.js looks at your third-party libraries and finds any publicly disclosed vulnerabilities that apply. The tool is especially useful when paired with a CI server to automatically monitor for new vulnerabilities in your third-party libraries.
Retire.js run against Railsgoat, the vulnerable Rails application.
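As an added example (not from the original post and not part of Retire.js), here is one way a CI job could turn a Retire.js JSON report into a pass/fail decision. The report shape described in the first comment, the function names collectFindings and gate, and all sample data are assumptions made for illustration.

```javascript
// Added example: CI gate over a Retire.js JSON report (not from the original post).
// Assumed report shape: { data: [ { file, results: [ { component, version,
//   vulnerabilities: [ { severity, identifiers: { CVE: [...], summary } } ] } ] } ] }
const RANK = Object.assign(Object.create(null), { low: 1, medium: 2, high: 3, critical: 4 });

// Flatten the report into one finding per (file, component, vulnerability).
function collectFindings(report) {
  const entries = Array.isArray(report) ? report : (report.data || []);
  const findings = [];
  for (const entry of entries) {
    for (const result of entry.results || []) {
      for (const vuln of result.vulnerabilities || []) {
        const ids = vuln.identifiers || {};
        findings.push({
          file: entry.file || "(unknown file)",
          component: result.component,
          version: result.version,
          severity: vuln.severity || "unknown",
          // Fail closed: a missing or unrecognised severity ranks as critical.
          rank: RANK[String(vuln.severity).toLowerCase()] || RANK.critical,
          id: (ids.CVE && ids.CVE[0]) || ids.summary || "(no identifier)",
        });
      }
    }
  }
  return findings;
}

// Decide whether the build should fail at a given minimum severity.
function gate(report, minSeverity = "medium") {
  const threshold = RANK[minSeverity];
  if (!threshold) throw new Error(`unknown severity threshold: ${minSeverity}`);
  const blocking = collectFindings(report).filter((f) => f.rank >= threshold);
  return { failed: blocking.length > 0, blocking };
}

// Constructed sample report: file paths, library names and IDs are placeholders.
const SAMPLE_REPORT = { data: [
  { file: "vendor/js/example-lib.js", results: [{ component: "example-lib", version: "1.0.0",
    vulnerabilities: [
      { severity: "high", identifiers: { CVE: ["CVE-0000-0001"], summary: "constructed issue A" } },
      { severity: "low", identifiers: { summary: "constructed issue B" } }] }] },
  { file: "public/js/other-lib.min.js", results: [{ component: "other-lib", version: "2.3.4",
    vulnerabilities: [{ identifiers: { summary: "constructed issue C, no severity" } }] }] },
  { file: "public/js/clean-lib.js", results: [] },
] };

const verdict = gate(SAMPLE_REPORT, "medium");
for (const f of verdict.blocking) {
  console.log(`${f.severity.toUpperCase()} ${f.component}@${f.version} ${f.id} (${f.file})`);
}
console.log(verdict.failed ? "build should fail" : "build may proceed");
```

In a real pipeline the report object would be parsed from the JSON file Retire.js wrote for that build, and the job would exit non-zero when failed is true.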
Retire.js can also be used as a Chrome or Firefox extension to notify you of out-of-date libraries in use on a site. This can be useful during application assessments.
Mike McCabe is the Director of Professional Services at nVisium Security. In his free time he likes to build and hack on open source projects. He’s a big fan of Burp and set -o vi in his bash profile. Mike also serves as a board member for the OWASP NoVa chapter.