Also found an issue with generating QRCodes due to non-escaped characters.
e.g.for windows /:*?"<>|
I often find these are used in the authenticator name

I changed lines 91-94 of index.js to the below (probably a MUCH better way of doing it than this,but it worked for me (windows) today ;-)

const Escname = name.replace(/[\\\/:*?"<>|]/g, "\-")

    const url = `otpauth://totp/${encodeURI(name)}?secret=${encodeURI(secret)}&issuer=${encodeURI(issuer)}`
    const file = `${directory}/${issuer || "No issuer"} (${escname}).png` 

Aha, yes because we use the authenticator info in the filename, we get bogus file paths.
Good catch!

Anything can be solved in javascript by adding more dependencies 😉
So I think a decent solution would be to add https://github.com/parshap/node-sanitize-filename .
It catches the strange cases like CON as well.