Which open source does a site use — and is it safe?
Detects the client-side open-source libraries a website ships to the browser, the exact versions in use, and whether those versions carry known security vulnerabilities.
What this checks
- Libraries in use. Client-side open-source components detected from script URLs, file contents, and the live page runtime.
- Exact versions. The precise version of each library, read from the page wherever possible.
- Known vulnerabilities. Each version is matched against the Retire.js vulnerability database, with CVE identifiers and severity.
- Upgrade target. The minimum version that clears every known issue on a vulnerable library.
Only software the browser downloads is visible — a site's server-side dependencies are not covered.