
feat: install and run retire.js#46

Open
tharsono wants to merge 1 commit into main from tool-retirejs

Conversation

@tharsono

To install Retire.js:

  1. Create and navigate to the retire-tool subfolder
  2. Run npm install. This installs Retire.js and creates retire-tool/package.json and retire-tool/package-lock.json tracking the installation.

  Note:
  • The root package.json and package-lock.json are gitignored, so a dedicated subfolder was created to maintain trackable file changes.
  • To run the tool from the retire-tool subfolder: npx retire --path ..

retire-terminal-output.txt is a text file containing the terminal output from the tool.

Pros:

  • Automatically detects known vulnerable dependency versions without requiring any tests to be written
  • Catches real, CVE-tracked vulnerabilities with severity ratings
  • Fast to run
  • Outputs both human-readable terminal output and machine-readable JSON, making it easy to review manually or integrate into automated pipelines later

Cons:

  • Cannot test actual runtime behavior since it is a static analysis tool
  • Produces noise from indirect dependencies outside of developer control such as third-party packages that the team does not directly manage or update
  • Like jshint, customization becomes necessary for realistic use
  • Retire.js does not suggest remediation commands; it identifies the problem but leaves fixing it entirely to the developer
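
As an added example that is not part of this PR or of Retire.js itself: a small Python triage script over the machine-readable JSON output mentioned under Pros, aimed at the noise from indirect dependencies mentioned under Cons. It assumes the JSON layout produced by `npx retire --outputformat json` (a top-level "data" list of files, each with "results", each result with "component", "version" and "vulnerabilities" carrying "severity" and "identifiers"); the sample report, package names and CVE ids below are constructed placeholders, and treating a file under more than one node_modules/ segment as transitive is a heuristic, not something Retire.js reports.

```python
"""Triage helper for retire.js JSON output (added example, not from the PR
or from Retire.js).  Filters findings by severity and, by default, drops
transitive dependencies so the report only shows what the team can fix in
its own package.json.  The JSON shape assumed here is that of
`npx retire --outputformat json`; the sample report is constructed."""
import json
import sys
from collections import Counter

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample in the assumed retire.js JSON layout; CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "version": "0.0.0-constructed",
    "data": [
        {
            "file": "../node_modules/some-lib/dist/some-lib.js",
            "results": [{
                "component": "some-lib",
                "version": "1.2.3",
                "vulnerabilities": [{
                    "severity": "high",
                    "identifiers": {"CVE": ["CVE-0000-0001"], "summary": "placeholder issue"},
                    "info": ["https://example.invalid/advisory/1"],
                }],
            }],
        },
        {
            "file": "../node_modules/app-dep/node_modules/nested-lib/nested.min.js",
            "results": [{
                "component": "nested-lib",
                "version": "0.9.0",
                "vulnerabilities": [
                    {"severity": "low",
                     "identifiers": {"CVE": ["CVE-0000-0002"], "summary": "placeholder low"},
                     "info": []},
                    {"severity": "medium",
                     "identifiers": {"summary": "placeholder medium, no CVE"},
                     "info": []},
                ],
            }],
        },
    ],
})


def is_transitive(path):
    """Heuristic (assumption): a file nested under more than one node_modules/
    segment was pulled in by another package, not by the project's own
    package.json, so the team cannot bump it directly."""
    return path.count("node_modules/") > 1


def flatten_findings(report):
    """Turn the nested file -> result -> vulnerability tree into one row per finding."""
    rows = []
    for entry in report.get("data", []):
        path = entry.get("file", "")
        for result in entry.get("results", []):
            for vuln in result.get("vulnerabilities", []):
                ids = vuln.get("identifiers", {})
                rows.append({
                    "file": path,
                    "component": result.get("component", "?"),
                    "version": result.get("version", "?"),
                    "severity": vuln.get("severity", "unknown").lower(),
                    "cves": ids.get("CVE", []),
                    "summary": ids.get("summary", ""),
                    "transitive": is_transitive(path),
                })
    return rows


def triage(report_text, min_severity="medium", include_transitive=False):
    """Return (findings at or above min_severity, count of all findings per severity)."""
    rows = flatten_findings(json.loads(report_text))
    threshold = SEVERITY_RANK.get(min_severity, 0)
    kept = [r for r in rows
            if SEVERITY_RANK.get(r["severity"], 0) >= threshold
            and (include_transitive or not r["transitive"])]
    return kept, Counter(r["severity"] for r in rows)


def exit_code(kept):
    """CI gate: non-zero when anything survived the filter."""
    return 1 if kept else 0


if __name__ == "__main__":
    # Usage: python triage.py retire-output.json   (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    kept, counts = triage(text)
    print("all findings by severity:", dict(counts))
    for r in kept:
        ref = ", ".join(r["cves"]) or r["summary"]
        print(f"{r['severity']:8} {r['component']}@{r['version']}  {r['file']}  {ref}")
    sys.exit(exit_code(kept))
```

With the default settings the nested medium and low findings are hidden and only the direct high-severity one is reported, which is the view a CI gate usually wants; pass `include_transitive=True` or lower `min_severity` when auditing the full tree.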

@tharsono tharsono changed the title feat: install and ran retire.js feat: install and run retire.js Mar 12, 2026