sequelize.query () native query use the replacements parameter to prevent sql injection?

sequelize.query("SELECT * FROM projects WHERE status = ?",
  { replacements: ["active"], type: sequelize.QueryTypes.SELECT }
).then(projects => {
  console.log(projects)
})

status