From 4be60d62182ddf970205cc46964c00d813bd7849 Mon Sep 17 00:00:00 2001
From: Manan
Date: Mon, 22 Dec 2025 22:32:57 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 6: Incomplete string escaping or encoding
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 bin/init.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/bin/init.js b/bin/init.js
index a060a58..d5d9a47 100644
--- a/bin/init.js
+++ b/bin/init.js
@@ -597,8 +597,11 @@ export async function init(
 if (fs.existsSync(constantsPath)) {
 let constantsContent = fs.readFileSync(constantsPath, 'utf8');
- // Helper function to escape single quotes in strings
- const escapeString = (str) => str.replace(/'/g, "\\'");
+ // Helper function to escape backslashes and single quotes in strings
+ const escapeString = (str) =>
+ String(str)
+ .replace(/\\/g, '\\\\') // escape all backslashes
+ .replace(/'/g, "\\'"); // then escape single quotes
 // Helper function to safely replace constants with validation
 const safeReplace = (content, pattern, replacement, constantName) => {
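Review bot: escapeString still passes raw line terminators through, so a value containing a newline or carriage return would break the single-quoted literal and leave the generated constants file unparseable; the chain should also end with `.replace(/\r/g, '\\r').replace(/\n/g, '\\n')`. Escaping backslashes before quotes is the right order and should stay that way. If safeReplace hands the escaped value to `String.prototype.replace` as a replacement string (its body is outside the hunk, so this is inferred), sequences such as `$&` or `$1` in the value would be expanded; passing a function, `() => replacement`, avoids that. `String(str)` also turns `undefined` or `null` into the text `'undefined'` or `'null'`, which may be worth rejecting rather than writing into the file.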