Potential fix for code scanning alert no. 3: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: soderlind

src/parser/validator.ts

@@ -461,7 +461,10 @@ export class ReadmeValidator {
     });
 
     // 3. Unmatched emphasis markers (simple heuristic)
-    const countMatches = (text: string, token: string) => (text.match(new RegExp(token.replace(/([*~`])/g,'\\$1'),'g')) || []).length;
+    function escapeRegExp(s: string): string {
+      return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    }
+    const countMatches = (text: string, token: string) => (text.match(new RegExp(escapeRegExp(token),'g')) || []).length;
     const totalDoubleAsterisk = countMatches(readme.rawContent, '**');
     if (totalDoubleAsterisk % 2 === 1) {
       warnings.push({