shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.