Please report security issues privately to security@pametan.co rather than opening a public issue. We aim to acknowledge within 2 business days.

This package is offline and dependency-free. The most impactful issues are:

• A materially wrong AFT field position or institution number that could produce a malformed or misdirected payment file — please report with a source.
• A parsing bug that mishandles a crafted input.

Note that a clean validateAccount result does not prove an account exists (Canada has no checkdigit scheme), and the AFT layout must be verified against your FI before production. This is an engineering aid, not advice.

The latest published minor version receives fixes. Until a 1.0 release, both the API and the AFT layout may change as the data and FI feedback improve.