Rationale
According to OWASP, one of the top 10 vulnerability risks is using components with known vulnerabilities in your app.
This easily overlooked risk is very relevant for Salesforce developers, as they might unknowingly include vulnerable JavaScript libraries in their Visualforce and Lightning components.
With this rule Clayton offers full protection against this security risk detecting any use of insecure libraries:
referenced as a CDN resource
directly included in your project as a third party library
in LWC packages.json
Supported libraries
Clayton supports the libraries listed in the following link (retire.js):