diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index dd3e5e00d6..adf1d82e2f 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -85,6 +85,12 @@ jobs:
- name: Node tests
run: npm test
+ - name: Install retire.js
+ run: npm install -g retire
+
+ - name: Run retire.js
+ run: retire --severity high
+
- name: Extract coverage info
run: npm run coverage
diff --git a/.gitignore b/.gitignore
index 17bbb8e5f5..b9ed31e2d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,6 @@ test.sh
dump.rdb
.archiver_shadow/
.snapshots/
+
+# stryker temp files
+.stryker-tmp
diff --git a/index.htlp b/index.htlp
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/install/package.json b/install/package.json
index c134fb0750..6f3e0cb73e 100644
--- a/install/package.json
+++ b/install/package.json
@@ -170,7 +170,6 @@
"eslint-config-nodebb": "1.1.11",
"eslint-plugin-import": "2.32.0",
"grunt": "1.6.1",
- "grunt-contrib-watch": "1.1.0",
"husky": "8.0.3",
"jsdom": "27.4.0",
"lint-staged": "16.2.7",
diff --git a/retire-report.json b/retire-report.json
new file mode 100644
index 0000000000..3d6f4dc681
--- /dev/null
+++ b/retire-report.json
@@ -0,0 +1 @@
+{"version":"5.4.2","start":"2026-03-11T21:20:43.864Z","data":[{"file":"/workspaces/nodebb-spring-26-team-bing/node_modules/faker/locale/.publish/scripts/docstrap.lib.js","results":[{"version":"2.1.4","component":"jquery","npmname":"jquery","detection":"filecontent","vulnerabilities":[{"info":["http://research.insecurelabs.org/jquery/test/","https://bugs.jquery.com/ticket/11974"],"below":"2.2.0","atOrAbove":"1.8.0","severity":"medium","identifiers":{"summary":"parseHTML() executes scripts in event handlers","issue":"11974"},"cwe":["CWE-79"]},{"info":["https://github.com/jquery/jquery.com/issues/162"],"below":"2.999.999","severity":"low","identifiers":{"summary":"jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates","retid":"73","issue":"162"},"cwe":["CWE-1104"]},{"info":["http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/","http://research.insecurelabs.org/jquery/test/","https://github.com/advisories/GHSA-rmxg-73gg-4p98","https://github.com/jquery/jquery/issues/2432","https://nvd.nist.gov/vuln/detail/CVE-2015-9251"],"below":"3.0.0-beta1","atOrAbove":"1.12.3","severity":"medium","identifiers":{"summary":"3rd party CORS request may execute","issue":"2432","CVE":["CVE-2015-9251"],"githubID":"GHSA-rmxg-73gg-4p98"},"cwe":["CWE-79"]},{"info":["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://nvd.nist.gov/vuln/detail/CVE-2019-11358"],"below":"3.4.0","atOrAbove":"1.1.4","severity":"medium","identifiers":{"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution","CVE":["CVE-2019-11358"],"PR":"4333","githubID":"GHSA-6c3j-c64m-qhgq"},"cwe":["CWE-1321","CWE-79"]},{"info":["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"],"below":"3.5.0","atOrAbove":"1.0.3","severity":"medium","identifiers":{"summary":"passing HTML containing