DenisPodgurskii · DenisPodgurskii · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,7 +25,6 @@
         "adm-zip": "0.5.16",
         "archiver": "7.0.1",
         "babel-loader": "10.0.0",
-        "clone-git-repo": "0.0.2",
         "codemirror-minified": "5.65.9",
         "copy-webpack-plugin": "13.0.1",
         "crypto-es": "3.1.2",
@@ -41,7 +40,6 @@
         "jspdf-autotable": "5.0.7",
         "mermaid": "^11.12.2",
         "npm-check-updates": "19.3.2",
-        "request": "2.88.2",
         "retire": "5.4.2",
         "swagger-editor": "5.1.0",
         "wappalyzer": "7.0.3",

diff --git a/script/build_src.js b/script/build_src.js
@@ -2,6 +2,7 @@ import { createRequire } from 'module'
 const require = createRequire(import.meta.url)
 const fs = require('fs-extra')
 const path = require('path')
+const { execFileSync } = require('child_process')
 
 function assertFile(filePath, label) {
     if (!fs.existsSync(filePath)) {
@@ -18,6 +19,13 @@ function copyLicense(srcDir, destDir, label) {
     fs.copyFileSync(path.join(srcDir, licenseName), path.join(destDir, licenseName))
 }
 
+function gitClone(repo, dest) {
+    const repoUrl = repo.startsWith('http') ? repo : `https://github.com/${repo}.git`
+    fs.removeSync(dest)
+    fs.mkdirpSync(path.dirname(dest))
+    execFileSync('git', ['clone', '--depth', '1', repoUrl, dest], { stdio: 'inherit' })
+}
+
 //lodash-es
 if (!fs.existsSync('src/ptk/packages/lodash-es')) {
     fs.mkdirSync('src/ptk/packages/lodash-es', { recursive: true });
@@ -198,19 +206,15 @@ if (!fs.existsSync('src/ptk/packages/retire')) {
 }
 fs.removeSync('./misc/tmp/')
 
-const download = require('clone-git-repo/index')
-await download('RetireJS/retire.js', './misc/tmp/retire', function (err) {
-    console.log(err ? 'Error' + err : 'Success')
-
-    fs.copyFileSync('misc/tmp/retire/node/lib/retire.js', 'src/ptk/packages/retire/retire.js');
-    fs.copyFile('misc/tmp/retire/repository/jsrepository.json', 'src/ptk/packages/retire/jsrepository.json', (err) => {
-        if (err) throw err;
-    });
-    fs.appendFile('src/ptk/packages/retire/retire.js', 'export { exports as default }', function (err) {
-        if (err) throw err;
-    });
-    fs.removeSync('./misc/tmp/retire')
-})
+gitClone('RetireJS/retire.js', './misc/tmp/retire')
+fs.copyFileSync('misc/tmp/retire/node/lib/retire.js', 'src/ptk/packages/retire/retire.js');
+fs.copyFile('misc/tmp/retire/repository/jsrepository.json', 'src/ptk/packages/retire/jsrepository.json', (err) => {
+    if (err) throw err;
+});
+fs.appendFile('src/ptk/packages/retire/retire.js', 'export { exports as default }', function (err) {
+    if (err) throw err;
+});
+fs.removeSync('./misc/tmp/retire')
 
 //dompurify
 if (!fs.existsSync('src/ptk/packages/dompurify')) {
@@ -221,16 +225,4 @@ fs.copyFile('./node_modules/dompurify/dist/purify.es.mjs', 'src/ptk/packages/dom
 });
 
 
-
-
-// const clone = require('git-clone/promise')
-// await clone("https://github.com/RetireJS/retire.js.git", "./misc/tmp/retire");
-// fs.copyFileSync('misc/tmp/retire/node/lib/retire.js', 'src/ptk/packages/retire/retire.js');
-// fs.copyFile('misc/tmp/retire/repository/jsrepository.json', 'src/ptk/packages/retire/jsrepository.json', (err) => {
-//     if (err) throw err;
-// });
-// fs.appendFile('src/ptk/packages/retire/retire.js', 'export { exports as default }', function (err) {
-//     if (err) throw err;
-// });
-// fs.removeSync('./misc/tmp/')
 console.log('packages updated')
diff --git a/script/build_waf.js b/script/build_waf.js
@@ -1,27 +1,50 @@
 import { createRequire } from 'module'
 const require = createRequire(import.meta.url)
 const fs = require('fs-extra')
-const request = require('request')
+const https = require('https')
+const path = require('path')
+const { execFileSync } = require('child_process')
+
+function fetchJson(url) {
+    return new Promise((resolve, reject) => {
+        https.get(url, (res) => {
+            let data = ''
+            res.on('data', (chunk) => { data += chunk })
+            res.on('end', () => {
+                if (res.statusCode < 200 || res.statusCode >= 300) {
+                    reject(new Error(`HTTP ${res.statusCode} for ${url}`))
+                    return
+                }
+                try {
+                    resolve(JSON.parse(data))
+                } catch (err) {
+                    reject(err)
+                }
+            })
+        }).on('error', reject)
+    })
+}
 
+function gitClone(repo, dest) {
+    const repoUrl = repo.startsWith('http') ? repo : `https://github.com/${repo}.git`
+    fs.removeSync(dest)
+    fs.mkdirpSync(path.dirname(dest))
+    execFileSync('git', ['clone', '--depth', '1', repoUrl, dest], { stdio: 'inherit' })
+}
 
-//wappalyzer
-let categories = {}
 
-request.get(`https://raw.githubusercontent.com/dochne/wappalyzer/main/src/categories.json`, function (error, response, body) {
-    categories = JSON.parse(body)
-})
-await new Promise(resolve => { setTimeout(resolve, 100) })
+//wappalyzer
+const categories = await fetchJson('https://raw.githubusercontent.com/dochne/wappalyzer/main/src/categories.json')
 
 let technologies = {}
 
 for (const index of Array(27).keys()) {
     const character = index ? String.fromCharCode(index + 96) : '_'
-    request.get(`https://raw.githubusercontent.com/dochne/wappalyzer/main/src/technologies/${character}.json`, function (error, response, body) {
-        technologies = {
-            ...technologies,
-            ...JSON.parse(body)
-        }
-    })
+    const data = await fetchJson(`https://raw.githubusercontent.com/dochne/wappalyzer/main/src/technologies/${character}.json`)
+    technologies = {
+        ...technologies,
+        ...data
+    }
     await new Promise(resolve => { setTimeout(resolve, 300) })
 }
 
@@ -35,86 +58,81 @@ console.log('wappalyzer source updated')
 // await clone("https://github.com/EnableSecurity/wafw00f.git", "./misc/tmp/wafw00f");
 
 
-const download = require('clone-git-repo/index')
-await download('EnableSecurity/wafw00f', './misc/tmp/wafw00f', function (err) {
-    console.log(err ? 'Error' + err : 'Success')
-    var data =
-    {
-        "categories": {
-            "100": {
-                "name": "WAF",
-                "priority": 1
-            }
-        },
-        "technologies": {}
-    }
+gitClone('EnableSecurity/wafw00f', './misc/tmp/wafw00f')
+var data =
+{
+    "categories": {
+        "100": {
+            "name": "WAF",
+            "priority": 1
+        }
+    },
+    "technologies": {}
+}
 
-    function readFiles(dirname, onFileContent, onError) {
-        var fs = require('fs'),
-            files = fs.readdirSync(dirname)
+function readFiles(dirname, onFileContent, onError) {
+    var fs = require('fs'),
+        files = fs.readdirSync(dirname)
 
-        files.forEach(function (file) {
-            var content = fs.readFileSync(dirname + file, 'utf8');
-            let [name, item] = createItem(content)
-            if (name) {
-                data.technologies[name] = item
+    files.forEach(function (file) {
+        var content = fs.readFileSync(dirname + file, 'utf8');
+        let [name, item] = createItem(content)
+        if (name) {
+            data.technologies[name] = item
 
-            }
-        });
+        }
+    });
 
-        fs.writeFile('./src/ptk/packages/wappalyzer/waf.json', JSON.stringify(data, null, 4), function (err) {
-            if (err) console.log(err);
-        })
-        console.log('waf source updated')
+    fs.writeFile('./src/ptk/packages/wappalyzer/waf.json', JSON.stringify(data, null, 4), function (err) {
+        if (err) console.log(err);
+    })
+    console.log('waf source updated')
 
-    }
+}
 
 
 
-    function createItem(content) {
+function createItem(content) {
 
-        var nameRegex = /NAME\s?=\s?'(.+)'/,
-            headerRegex = /self\.matchHeader\(\((.+),(.+)\)\)/g,
-            htmlRegex = /self\.matchContent\(r?'(.+)'\)/g,
-            cookieRegex = /self\.matchCookie\(r?'(.+)'\)/g
+    var nameRegex = /NAME\s?=\s?'(.+)'/,
+        headerRegex = /self\.matchHeader\(\((.+),(.+)\)\)/g,
+        htmlRegex = /self\.matchContent\(r?'(.+)'\)/g,
+        cookieRegex = /self\.matchCookie\(r?'(.+)'\)/g
 
-        if (nameRegex.test(content)) {
-            let item = { "cats": [100] }
+    if (nameRegex.test(content)) {
+        let item = { "cats": [100] }
 
 
-            let n = nameRegex.exec(content), name = n[1]
+        let n = nameRegex.exec(content), name = n[1]
 
-            if (headerRegex.test(content)) {
-                item["headers"] = {}
-                let m = null, re = new RegExp(headerRegex)
-                while (m = re.exec(content)) {
-                    item.headers[m[1].replace(/'/g, "")] = m[2].replace(" r'", '').replace("'", '')
-                }
+        if (headerRegex.test(content)) {
+            item["headers"] = {}
+            let m = null, re = new RegExp(headerRegex)
+            while (m = re.exec(content)) {
+                item.headers[m[1].replace(/'/g, "")] = m[2].replace(" r'", '').replace("'", '')
             }
+        }
 
-            if (htmlRegex.test(content)) {
-                item["html"] = []
-                let m = null, re = new RegExp(htmlRegex)
-                while (m = re.exec(content)) {
-                    item.html.push(m[1])
-                }
+        if (htmlRegex.test(content)) {
+            item["html"] = []
+            let m = null, re = new RegExp(htmlRegex)
+            while (m = re.exec(content)) {
+                item.html.push(m[1])
             }
+        }
 
-            if (cookieRegex.test(content)) {
-                item["cookies"] = {}
-                let m = null, re = new RegExp(cookieRegex)
-                while (m = re.exec(content)) {
-                    item.cookies[m[1]] = ""
-                }
+        if (cookieRegex.test(content)) {
+            item["cookies"] = {}
+            let m = null, re = new RegExp(cookieRegex)
+            while (m = re.exec(content)) {
+                item.cookies[m[1]] = ""
             }
-            return [name, item]
         }
-        return [null, null]
+        return [name, item]
     }
+    return [null, null]
+}
 
 
-    readFiles("./misc/tmp/wafw00f/wafw00f/plugins/")
-    fs.removeSync('./misc/tmp/wafw00f')
-
-})
-
+readFiles("./misc/tmp/wafw00f/wafw00f/plugins/")
+fs.removeSync('./misc/tmp/wafw00f')
diff --git a/src/ptk/browser/assets/js/report.js b/src/ptk/browser/assets/js/report.js
@@ -1575,7 +1575,22 @@ function normalizeStorageEntries(value) {
 
 function stripHtmlTags(value) {
     if (!value) return ""
-    return String(value).replace(/<[^>]*>/g, "")
+    const text = String(value)
+    try {
+        if (typeof DOMParser !== "undefined") {
+            const doc = new DOMParser().parseFromString(text, "text/html")
+            return doc?.body?.textContent || ""
+        }
+    } catch (_) {
+        // Fall back to iterative regex stripping if DOMParser is unavailable.
+    }
+    let prev = text
+    let next = prev.replace(/<[^>]*>/g, "")
+    while (next !== prev) {
+        prev = next
+        next = prev.replace(/<[^>]*>/g, "")
+    }
+    return next
 }
 
 function updateExportDashboardModel() {
@@ -1777,6 +1792,7 @@ function escapeMarkdownCell(value) {
 function escapeMarkdownText(value) {
     if (value === null || value === undefined) return ""
     return String(value)
+        .replace(/\\/g, "\\\\")
         .replace(/&/g, "&amp;")
         .replace(/</g, "&lt;")
         .replace(/>/g, "&gt;")
@@ -2287,10 +2303,12 @@ function buildMarkdownFromExportModel(model) {
                             push(`**Taint Trace:**`)
                             traceEntries.forEach(entry => {
                                 const stage = entry.stage ? entry.stage.toUpperCase() : "STEP"
-                                push(`1. **${stage}**`)
-                                if (entry.label) push(`Label: ${escapeMarkdownText(entry.label)}`)
-                                if (entry.file) push(`File: ${escapeMarkdownText(entry.file)}`)
-                                if (entry.loc) push(`Location: ${escapeMarkdownText(entry.loc)}`)
+                                const details = []
+                                if (entry.label) details.push(`Label: ${escapeMarkdownText(entry.label)}`)
+                                if (entry.file) details.push(`File: ${escapeMarkdownText(entry.file)}`)
+                                if (entry.loc) details.push(`Location: ${escapeMarkdownText(entry.loc)}`)
+                                const detailHtml = details.length ? `<br>${details.join("<br>")}` : ""
+                                push(`1. <small><strong>${escapeMarkdownText(stage)}</strong>${detailHtml}</small>`)
                                 push(``)
                             })
                         }

diff --git a/src/ptk/packages/lodash-es/flake.lock b/src/ptk/packages/lodash-es/flake.lock