Third-party component with known vulnerability

Rationale

According to OWASP, one of the top 10 vulnerability risks is using components with known vulnerabilities in your app.
This easily overlooked risk is very relevant for Salesforce developers, as they might unknowingly include vulnerable JavaScript libraries in their Visualforce and Lightning components.

With this rule Clayton offers full protection against this security risk detecting any use of insecure libraries:

• referenced as a CDN resource

• or directly included in your project as a third party library

Supported libraries

Clayton supports the libraries listed in the following link (retire.js):

• https://retirejs.github.io/retire.js/